Trust Center

Security is foundational to SkillGPT. We maintain a SOC 2 Type 2 certified security program.

Welcome to the SkillGPT Trust Center

Security is foundational to SkillGPT. We maintain a SOC 2 Type 2 certified security program with comprehensive controls across our infrastructure, endpoints, and identity management. This Trust Center provides transparency into our security practices and compliance posture.

Infrastructure Security

Encryption key access restricted

The company restricts privileged access to encryption keys to authorized users with a business need.

Unique network system authentication enforced

The company requires authentication to the "production network" to use unique usernames and passwords or authorized Secure Socket Shell (SSH) keys.

Remote access encrypted enforced

The company's production systems can only be remotely accessed by authorized employees via an approved encrypted connection.

Organizational Security

Anti-malware technology utilized

The company deploys anti-malware technology to environments commonly susceptible to malicious attacks and configures this to be updated routinely, logged, and installed on all relevant systems.

Code of Conduct acknowledged by employees and enforced

The company requires employees to acknowledge a code of conduct at the time of hire. Employees who violate the code of conduct are subject to disciplinary actions in accordance with a disciplinary policy.

Password policy enforced

The company requires passwords for in-scope system components to be configured according to the company's policy.

MDM system utilized

The company has a mobile device management (MDM) system in place to centrally manage mobile devices supporting the service.

Product Security

Control self-assessments conducted

The company performs control self-assessments at least annually to gain assurance that controls are in place and operating effectively. Corrective actions are taken based on relevant findings. If the company has committed to an SLA for a finding, the corrective action is completed within that SLA.

Vulnerability and system monitoring procedures established

The company's formal policies outline the requirements for vulnerability management and system monitoring for IT / Engineering functions.

Data encryption utilized

The company's datastores housing sensitive customer data are encrypted at rest.

Internal Security Procedures

Continuity and Disaster Recovery plans established

The company has Business Continuity and Disaster Recovery Plans in place that outline communication plans in order to maintain information security continuity in the event of the unavailability of key personnel.

Production deployment access restricted

The company restricts access to migrate changes to production to authorized personnel.

Development lifecycle established

The company has a formal systems development life cycle (SDLC) methodology in place that governs the development, acquisition, implementation, changes (including emergency changes), and maintenance of information systems and related technology requirements.

Incident response policies established

The company has security and privacy incident response policies and procedures that are documented and communicated to authorized users.

Data & Privacy

Data retention procedures established

The company has formal retention and disposal procedures in place to guide the secure retention and disposal of company and customer data.

Data classification policy established

The company has a data classification policy in place to help ensure that confidential data is properly secured and restricted to authorized personnel.