Security & Trust Center

At Stensul, maintaining the security and privacy of your data is our utmost concern. Stensul has implemented a robust security program that spans from secure system architecture through employee training on security and privacy best practices.

Stensul is audited annually against, and complies with, the AICPA standards for Controls at a Service Organization (SOC2 Type 2).

Product Security

Account security

Stensul provides various tools and features that can be used to keep a Stensul account and resources safe from unauthorized use, including user/password authentication with a configurable password and account lockout policy, standard SSO methods (OAuth2 / OIDC and SAML 2.0), and user activity logging for security monitoring.

Data security – transmission and encryption

Customer and employee login information for the Stensul platform is encrypted using non-reversible encryption techniques. Data is transmitted using only HTTPS endpoints with TLS (2048-bit keys). Data is encrypted both in transmission and at rest for working files and offsite backups.

Physical and operational security

The Stensul production environment is located at TIER-1 providers in the United States that offer robust physical and operational security. Stensul uses Google Cloud Platform (GCP) and Amazon Web Services (AWS) as production data centers.

Redundancy

Stensul uses a world-class infrastructure that is carefully monitored, dispersed around multiple availability zones, and has fault-tolerant web architectures with cloud resources.

Application development life-cycle

Stensul product development adheres to software development life-cycle (SDLC) best practices with multiple steps to ensure the quality and the security of our platform.

Internal Security

Network security access

Access to servers is protected by a bastion host secured using two-factor authentication (2FA) and accessible only via VPN.

Firewalls and DDoS

Stensul is protected by a globally distributed network built to absorb distributed denial of service (DDoS) attacks.

Intrusion detection

Stensul runs an intrusion detection system (IDS) on the front line for servers that have exposure to the DMZ. File servers run an antivirus (AV) with daily updates.

Security and privacy awareness

All Stensul employees have mandatory security and privacy awareness training.