Security at Resourcely
SOC 2 Type II Compliant
- Resourcely is SOC 2 Type II compliant.
- SOC 2 is one of the Service Organization Control (SOC) reports defined by the American Institute of Certified Public Accountants (AICPA). A Type II report covers the operating effectiveness of controls over a review period, not only their design at a single point in time.
Application Security
- Our web application architecture and API implementation follow OWASP guidelines.
- Each application action is gated by its own permission, which is evaluated against the request context (the acting user and their roles).
- We support Single Sign-On (SSO) via Auth0. New SSO users can be provisioned automatically and assigned roles (RBAC).
- Secrets and API tokens are stored encrypted at rest.
- A risk assessment is performed annually.
- An incident response plan is in place to track incidents through to resolution and to conduct post-incident reviews.
Data Security
- All data in transit, including customer information, is protected with TLS (HTTPS), and HSTS is enforced so browsers do not fall back to plaintext HTTP.
- Data is stored in AWS; full encrypted database backups are taken every hour.
- Access to systems is authorized on a need-to-know basis and follows the principle of least privilege.
- Access to production AWS is restricted to a small number of key employees, brokered through our identity provider (IdP), and protected by two-factor authentication with FIDO U2F security keys, which are resistant to phishing.
- After contract termination, customers can request an export of their data and its erasure from Resourcely, in accordance with the Terms of Service and Privacy Policy.
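The HSTS claim above is only as strong as the policy the server actually sends: a header with a short `max-age`, or without `includeSubDomains`, leaves room for downgrade. The following validator is an added example, not Resourcely code, and the header values it checks are constructed; the one-year threshold matches the minimum the browser preload list requires.

```python
"""Validate a Strict-Transport-Security (HSTS) header value (RFC 6797).

Added example, not part of the original page or Resourcely's code.
The sample header values in SAMPLE_HEADERS are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One year, the minimum max-age required by the browser preload list.
MIN_MAX_AGE = 31536000


@dataclass
class HstsPolicy:
    max_age: Optional[int]
    include_subdomains: bool
    preload: bool


def parse_hsts(header: str) -> HstsPolicy:
    """Parse HSTS directives. Names are case-insensitive; a repeated
    directive or a non-numeric max-age makes the header invalid, and
    browsers then ignore it entirely. Unknown directives are ignored."""
    max_age = None
    include_subdomains = preload = False
    seen = set()
    for raw in header.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        if name in seen:
            raise ValueError(f"duplicate directive: {name}")
        seen.add(name)
        if name == "max-age":
            value = value.strip().strip('"')
            if not re.fullmatch(r"\d+", value):
                raise ValueError(f"bad max-age: {value!r}")
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
    return HstsPolicy(max_age, include_subdomains, preload)


def hsts_findings(header: Optional[str]) -> List[str]:
    """Return a list of weaknesses; an empty list means the policy is acceptable."""
    if header is None:
        return ["no Strict-Transport-Security header"]
    try:
        policy = parse_hsts(header)
    except ValueError as exc:
        return [f"unparseable header (browsers ignore it): {exc}"]
    findings = []
    if policy.max_age is None:
        findings.append("max-age missing (header is ignored by browsers)")
    elif policy.max_age == 0:
        findings.append("max-age=0 disables HSTS for the host")
    elif policy.max_age < MIN_MAX_AGE:
        findings.append(f"max-age {policy.max_age} is below one year")
    if not policy.include_subdomains:
        findings.append("includeSubDomains missing; subdomains can still be reached over HTTP")
    return findings


# Constructed sample responses, not captured from any real host.
SAMPLE_HEADERS = {
    "hardened": "max-age=31536000; includeSubDomains; preload",
    "short-lived": "max-age=86400",
    "disabled": "max-age=0",
    "missing": None,
    "malformed": "max-age=1; max-age=2",
}

if __name__ == "__main__":
    for label, value in SAMPLE_HEADERS.items():
        print(f"{label}: {hsts_findings(value) or ['ok']}")
```

In practice you would fetch the header with `curl -sI https://<host>` and pass the value to `hsts_findings`; any non-empty result is a gap between the stated control and the deployed one.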
Software Development Life Cycle
- Application code changes require mandatory review and at least one approval.
- Architecture and sensitive code undergo periodic security reviews.
- The production environment is separated from the development, testing, and staging environments.
- Customer data stays within the production environment.
Infrastructure
- Our production infrastructure is built with redundancy, including failover, content delivery networks, load balancing, and standby replicas, to minimize disruption to service.
- We maintain a Business Continuity Plan and a Disaster Recovery Plan, both reviewed annually, so that we can respond to unforeseen events and limit disruption to the business.
- We use a third-party service to monitor system performance and health so that issues are detected and addressed promptly.
Security Policies
- New employees undergo a background check as part of the hiring process.
- All new hires receive security awareness training, which is repeated regularly, to help employees recognize and prevent security threats.
- Employee workstations are managed remotely with an MDM solution that keeps software up to date and correctly configured.
- All employee workstations use full-disk encryption, and remote wipe is available to erase a lost or stolen device.
Responsible Disclosure
- We take security seriously at Resourcely and are committed to protecting the safety and privacy of our users and their data.
- If you discover a security vulnerability in our systems, please report it as soon as possible by emailing our security team at security@resourcely.io with details of the vulnerability and any supporting information you have.
- We will respond as quickly as we can and keep you informed while the issue is being resolved.