Atrium

Security and compliance

Atrium takes the security of your data and our infrastructure very seriously. We are committed to providing an environment that is safe, secure, and available to all of our customers all the time.

Last updated: June 2024

1. Introduction

At Atrium, we prioritize the security of our customers' data. This Security Policy outlines the measures we take to protect the confidentiality, integrity, and availability of your information. Our security practices are designed to meet the standards required by security audits from organizations such as Vanta and Drata.

2. Data Protection Measures

1. Encryption: We use industry-standard encryption protocols (e.g., TLS/SSL) to protect data in transit.
2. Access Controls: Access to data is restricted based on the principle of least privilege. Employees and contractors are granted access only to the data necessary for their roles.
3. Authentication: We use Google Single Sign-On (SSO) for authentication to ensure secure and streamlined access. Google SSO provides robust security features, including OAuth 2.0, token-based authentication, and compliance with industry standards.
4. Network Security: Our systems are protected by firewalls, intrusion detection systems (IDS), and regular vulnerability assessments to prevent unauthorized access.
5. Monitoring and Logging: We continuously monitor our systems for suspicious activity and maintain detailed logs of access and changes to critical systems.
6. Data Backup and Recovery: Regular backups are performed to ensure data can be restored in the event of data loss or corruption. Our backup systems are tested periodically for reliability.

3. Security Training and Awareness

1. Employee Training: All employees undergo regular security training to stay informed about the latest security threats and best practices.
2. Security Awareness: We foster a culture of security awareness within the organization through regular communications and updates on security policies.

4. Incident Response

1. Incident Management: We have a formal incident response plan in place to address security incidents promptly and effectively.
2. Notification: In the event of a data breach, we will notify affected customers and regulatory authorities as required by law.

5. Compliance and Audits

1. Regular Audits: We conduct regular internal and external audits to ensure compliance with our security policies and industry standards.
2. Compliance Frameworks: Our security practices are designed to comply with relevant regulations and standards, including GDPR, CCPA, and industry-specific requirements.

Contact Us

If you have any questions or concerns about our Security Policy, please contact us at: info@atrium.me