Security Policy
Information security matters. We maintain a comprehensive set of security policies & standards to ensure complete protection.
Standards
Our security controls are SOC 2 certified as of March 31, 2021. We developed a comprehensive framework of security policies and standards encompassing all of the control areas identified by the standard.
This is the same standard followed by global banks, brokerages and stock exchanges around the world – the standard used to protect all information shared with your clients.
Confidentiality
We limit the disclosure of information to authorized individuals, entities, and systems only.
- All user access to the Street Context application is enabled only over TLS-encrypted communications, with verification of server certificates performed against a trusted third-party Certificate Authority (CA).
- Automated analysis tools are used iteratively within the software development process to eliminate insecure code.
Integrity
Security controls maintain the accuracy and consistency of information; restrict the right to insert, modify, and delete information to authorized parties only; and ensure that information cannot be modified in an unauthorized or undetected manner.
- All application code is reviewed in detail for potential security vulnerabilities and for compliance with technical standards by senior members of the technology team prior to acceptance into the application.
- A suite of security tests is performed as an integral part of our QA process.
- Software releases are deployed to production servers over strongly encrypted, authenticated, and integrity-checked channels.
Controls
Security controls ensure that information remains available to authorized parties, by ensuring that the systems required to deliver the information remain operable and that the information itself remains accessible. Street Context is hosted in secure datacenter facilities that are designed and managed in alignment with best practices for security and leading security standards, including:
- SOC 1 / SSAE 16 / ISAE 3402 (formerly SAS 70 Type II)
- SOC 2
- FISMA, DIACAP, and FedRAMP
- ISO/IEC 27001
- ITAR
- FIPS 140-2
- STAR LEVEL 1 CAIQ
Authenticity
We ensure exchanged communications and shared documents are genuine.
- The Street Context application authenticates messages sent to the application for distribution by verifying DKIM signatures. (This can be disabled at client request if DKIM signing capability is not available in the client organization.)
- Industry alerting services and databases are monitored continuously in order to detect any software vulnerabilities that may be identified in third-party components employed within or supporting the Street Context application. Any detected vulnerabilities are remediated in accordance with the documented Incident Management process.
Non-Repudiation
Security controls will ensure that the individuals and systems performing actions or sending communications cannot deny having done so.
- The Street Context application signs outgoing message content for distribution by applying a DKIM signature.
- Detailed audit logs are kept with respect to user logons, user activities, messages for distribution, message distributions, and other application activities.