Security at Ostorlab
Security Program Highlights
Ongoing SOC2 Type II Certification
Ostorlab is in the process to obtain its SOC2, Type 2 final report. This means we ensure enterprise-level protection, and secure service that aligns with AICPA SOC2 standards.
Your data is always encrypted at rest and in transit to and from our platform. We use Google Cloud Key Management service to manage encryption keys using hardware security modules for maximum security in line with industry best practices.
Ostorlab is hosted using Google Cloud Platform services to offer the best guarantee possible in terms of physical and infrastructure security.
Ostorlab's availability SLA is 99.5% and our Recovery Point Objective is 6 hours.
We ensure business continuity and disaster recovery through the concept of “availability zones” and geographical distribution offered by cloud infrastructure.
Our Security assurance program combines 100+ security controls across the organization, including continuous automated scanning as well as a Bug Bounty program and a Responsible Vulnerability Disclosure Policy.