Security is foundational to SkillGPT. We maintain a SOC 2 Type 2 certified security program.
Security is foundational to SkillGPT. We maintain a SOC 2 Type 2 certified security program with comprehensive controls across our infrastructure, endpoints, and identity management. This Trust Center provides transparency into our security practices and compliance posture.
The company restricts privileged access to encryption keys to authorized users with a business need.
The company requires authentication to the "production network" to use unique usernames and passwords or authorized Secure Socket Shell (SSH) keys.
The company's production systems can only be remotely accessed by authorized employees via an approved encrypted connection.
The company deploys anti-malware technology to environments commonly susceptible to malicious attacks and configures this to be updated routinely, logged, and installed on all relevant systems.
The company requires employees to acknowledge a code of conduct at the time of hire. Employees who violate the code of conduct are subject to disciplinary actions in accordance with a disciplinary policy.
The company requires passwords for in-scope system components to be configured according to the company's policy.
The company has a mobile device management (MDM) system in place to centrally manage mobile devices supporting the service.
The company performs control self-assessments at least annually to gain assurance that controls are in place and operating effectively. Corrective actions are taken based on relevant findings. If the company has committed to an SLA for a finding, the corrective action is completed within that SLA.
The company's formal policies outline the requirements for vulnerability management and system monitoring for IT / Engineering functions.
The company's datastores housing sensitive customer data are encrypted at rest.
The company has Business Continuity and Disaster Recovery Plans in place that outline communication plans in order to maintain information security continuity in the event of the unavailability of key personnel.
The company restricts access to migrate changes to production to authorized personnel.
The company has a formal systems development life cycle (SDLC) methodology in place that governs the development, acquisition, implementation, changes (including emergency changes), and maintenance of information systems and related technology requirements.
The company has security and privacy incident response policies and procedures that are documented and communicated to authorized users.
The company has formal retention and disposal procedures in place to guide the secure retention and disposal of company and customer data.
The company has a data classification policy in place to help ensure that confidential data is properly secured and restricted to authorized personnel.