Engineering Excellence Platform Values Data Security and Privacy of Enterprises and DevOps Teams
Propelo, the leading engineering excellence program, recently obtained the SOC-2 Type II certification. Undergoing an extensive certification process, the company demonstrated reasonable assurances that it met all service commitments and system-level requirements under the Trust Service Principles and Criteria framework developed by the American Institute of Certified Public Accountants (AICPA).
“We’re pleased to now have this certification, as it increases confidence in a platform that all of our customers have already learned they can trust,” states Nishant Doshi, founder and CEO of Propelo. “We went through a strong audit process on behalf of our customers to assure them that we’re committed to the continued security of their data and ongoing success of their businesses.”
SOC 2 Type II is a security framework that specifies how organizations should protect customer data from unauthorized access, security incidents, and other vulnerabilities. Organizational compliance is determined through a series of tests, reporting, and independent audits over six months to a year.
Latest ITechnology News:Â Y42 launches the First Modern DataOps Cloud to Offer Fully Managed Environment for Running Production-Ready Data Pipelines
Armanino, an independent auditor and one of the top 25 largest accounting, consulting, and technology firms, facilitated the process to evaluate Propelo based on many individual requirements and operational controls, including:
- Structural and operational integrity of service-level controls
- Functionality and suitability of the platform
- Operational effectiveness
- Protocols and security measures
- Access control and confidentiality
- Data integrity and accuracy
- How well is sensitive data stored, handled, and transmitted
In contending for industry-leading certification, meticulous auditing procedures verified that Propelo met the Trust Services Principles (TSP) of security, availability, and confidentiality.
Propelo’s SOC2 Type II certification reinforces its secure, multi-tenant architecture available to all enterprise-level clients. Propelo doesn’t extract and store data directly from the source; it only obtains metadata from DevOps tools. Enterprises also have complete control over which metadata can be pulled and analyzed. Finally, all data is encrypted, both at rest and in transit.
“Propelo is built using ‘Secure by Design’ principles to empower employees and security teams while maintaining the security and confidentiality of our customer’s data,” said Megha Tamvada, VP of Products at Propelo.
Latest ITechnology News:Â HUMAN Acquires Anti-Malvertising Leader, clean.io, to Enhance Protection Across the Media Ecosystem
“SOC 2 Type II observes controls over a longer period, demonstrating a consistent security posture rather than at just a specific point in time,” he continues. “Propelo makes all efforts to prioritize information security, availability, and confidentiality.”
Propelo’s SaaS platform is hosted within the Google Cloud Platform. Through Role-Based Access Controls (RBAC), Propelo clients can restrict access to specific metrics, dashboards, and datasets. And apply access policies across organizational boundaries, levels of the corporate hierarchy, job function, and team definitions.
The company focuses its efforts on improving its flagship product, hiring top talent for its engineering and business functions, and securing both physical and logical access to any confidential data, both internal and customer-related.
To maintain compliance and protect customer data, Propelo regularly conducts multiple security testing procedures, such as:
- Penetration Testing
- Vulnerability Scanning
- Dynamic Application Security Testing
- Static Application Security Testing
- Source Code Composition Analysis
- Bug Bounty Program
Multi-factor authentication (MFA) is required for all product logins, and both SAML/SSO are also supported. These, coupled with detailed audit logs of user logins and other key events, strengthen data integrity and security.
Latest ITechnology News:Â senhasegura Introduces MySafe for Managing Personal Passwords
[To share your insights with us, please write to sghosh@martechseries.com]