Your Geospatial Data is Safe & Secure

Keep your data safe with private cloud space, explicit firewalls, SSL encryption and stringent authentication controls.

AICPA SOC

PIVVOT SECURITY

Our SOC 2 Type 1 report attests to the controls we have in place governing the security of customer data as they map to Trust Service Principles (TSPs) established by the American Institute of Certified Public Accountants (AICPA). We are proud of the excellence of our controls and invite you to obtain a copy of our SOC 2 Type I report by contacting your Pivvot representative.

APPLICATION SECURITY

In-transit Encryption

Sessions between you and the Pivvot platform are protected with in-transit encryption using 2,048-bit or better keys and TLS 1.3.

Web Application and Network Firewalls

Pivvot monitors potential attacks with several tools, including a web application firewall and network-level firewalling. In addition, the Pivvot platform contains Distributed Denial of Service (DDoS) prevention defenses to help protect your site and access to your products.

Software Development Lifecycle (SDLC) Security

Pivvot implements static code analysis tools and human review processes in order to ensure consistent quality in our software development practices.

DATA CENTER PROTECTIONS

Physical Security

Pivvot products are hosted with cloud infrastructure providers with SOC 2 Type II and ISO 27001 certifications, among others. The certified protections include dedicated security staff, strictly managed physical access control, and video surveillance.

SOFTWARE SECURITY

Patch Management

Pivvot’s patch management process identifies and addresses missing patches within the product infrastructure. Server-level instrumentation ensures tracked software packages use the appropriate versions.

Security Incident Response

Pivvot’s security incident process flows and investigation data sources are pre-defined during recurring preparation activities and exercises and are refined through investigation follow-ups. We use standard incident response process structures to ensure that the right steps are taken at the right time.

AUDITS, VULNERABILITY ASSESSMENT & PENETRATION TESTING

Vulnerability Assessment

Pivvot tests for potential vulnerabilities on a recurring basis. We run static code analysis, and infrastructure vulnerability scans.

Penetration Testing

Pivvot leverages 3rd party penetration testing firms several times a year to test the Pivvot platform and product infrastructure.

ExternalAudit & Certification

Pivvot has obtained a SOC 2 Type I report attesting to the excellence of its security controls. If you’re interested in obtaining a copy of our SOC 2 report, please reach out to your Pivvot representative. Our infrastructure providers maintain ISO 27001, SOC 2 Type II, and many other certifications (AWS).