Securing customer data is a top priority for CurrentClient. Members of our team have had careers involving security consulting for global corporations and government agencies, and have been personally involved in assisting cloud providers in creating certifications for security practitioners. This security-first mindset is now being applied at CurrentClient.
We work with an independent auditor to maintain a SOC 2 report, which objectively certifies our controls to ensure the continuous security of our customers' data.
We also use Drata’s automation platform to continuously monitor 100+ security controls across the organization. Automated alerts and evidence collection allow us to confidently prove our security and compliance posture any day of the year, while fostering a security-first mindset and culture of compliance across the organization.
For more information regarding our SOC 2 audits and the continuous monitoring of our security controls, visit our Trust Center.
We leverage Amazon Web Services (AWS) as our cloud provider and store customer data within their data centers. All data is stored within the United States.
Our cloud provider’s data centers are secure by design, making use of extensive physical and digital safeguards, and are monitored 24/7. Details can be found here.
All data is encrypted at rest and in transit. We use SSL certificates issued by Amazon and support encryption protocols and ciphers such as TLS 1.3, 128-bit AES-GCM, and SHA256. Data is encrypted on disk using 256-bit AES-GCM.
Customer data is handled in accordance with our privacy policy found here.
Data requests and deletion can be submitted here.
We adhere to the principle of least privilege, granting only necessary permissions to people and systems. Highly privileged accounts are disabled or restricted as appropriate, and granted only to those who need them, with organization-wide preventive and detective controls governing their use. We require strong passwords and multi-factor authentication (MFA) for all employees with access to our systems and data.
We make use of several managed and serverless offerings provided by our cloud provider, allowing us to leverage existing underlying infrastructure protection at the hardware, operating system, and networking layers. These layers make use of stateful firewalls, intrusion detection/prevention systems, and distributed denial of service (DDoS) attack mitigation. Systems are regularly updated with the latest security patches.
We make use of several security services provided by our cloud provider, allowing us to log all activity within our environment, detect resource configuration changes, and trigger alerts in the event of suspicious activity.
Our data and systems redundantly reside in multiple data centers separated by several miles, each of which has redundant power and connectivity. Our databases leverage continuous backup configurations that provide point-in-time recovery with deletion protection safeguards.
Security is a company-wide endeavor. All employees complete an annual security training program and employ best practices when handling customer data.
Amazon Web Services (AWS) data centers comply with a long list of IT standards, including the following:
For more information about AWS, its policies, and compliance, see the following:
And we can answer your questions.