Security at Ostorlab
Security Program Highlights
Ongoing SOC2 Type II Certification
Ostorlab is in the process to obtain its SOC2, Type 2 final report. This means we ensure enterprise-level protection, and secure service that aligns with AICPA SOC2 standards.
Data encryption
Your data is always encrypted at rest and in transit to and from our platform. We use Google Cloud Key Management service to manage encryption keys using hardware security modules for maximum security in line with industry best practices.
Hosting
Ostorlab is hosted using Google Cloud Platform services to offer the best guarantee possible in terms of physical and infrastructure security.
Platform's availability
Ostorlab's availability SLA is 99.5% and our Recovery Point Objective is 6 hours.
We ensure business continuity and disaster recovery through the concept of “availability zones” and geographical distribution offered by cloud infrastructure.
Security controls
Our Security assurance program combines 100+ security controls across the organization, including continuous automated scanning as well as a Bug Bounty program and a Responsible Vulnerability Disclosure Policy.