General
Trinsic
SOC2
Trinsic is SOC2 Type I certified and is obtaining its Type II certification, which we aim to have completed by the end of 2024.
Secure Software Development Life Cycle (SDLC)
We follow best practices in security engineering -- all code is peer reviewed by at least 1 other senior engineer and we have a yearly penetration test against our infrastructure.
Our dependencies are updated weekly to ensure we're on the latest vulnerability fixes, including base container images that run our infrastructure.
Access control and least privilege
All access to backend infrastructure is gated behind the principle of least privilege, with only senior engineering leadership having access to production infrastructure. We require strong MFA on all accounts for all services we use internally.
Infrastructure
Backup and disaster recovery
Trinsic's data infrastructure on Microsoft Azure is backed up continuously, allowing detailed recovery timelines in case of outages.
We regularly test this database recovery to ensure functionality.
Logging, Monitoring and Security
Application-level and infrastructure security logs are stored for 30 days.
We employ continuous monitoring of our infrastructure and code repositories.
Updated about 1 month ago