How we safeguard the leading Web3 Due-Diligence platform
At AuditBase, security is at the core of everything we do. As a platform dedicated to streamlining audits and compliance, we prioritize the protection of our users' data and maintain rigorous security standards to build and sustain trust. Our security practices are designed to safeguard sensitive information, ensure compliance with industry regulations, and provide a reliable environment for your auditing needs.
Our Security and Privacy teams are responsible for establishing robust policies and controls, continuously monitoring compliance, and demonstrating our security posture through third-party audits. These efforts are guided by foundational principles that underpin our approach to security:
1) Least Privilege Access: Access is granted only to those with a legitimate business need, minimizing exposure.
2) Defense-in-Depth: Multiple layers of security controls are implemented to provide comprehensive protection.
3) Consistent Application: Security measures are applied uniformly across all systems and processes.
4) Iterative Improvement: Controls are regularly reviewed and enhanced to improve effectiveness, auditability, and user experience.
AuditBase is committed to maintaining the highest standards of security and compliance. We hold the following certifications and attestations:
- SOC 2 Type I: Attestation covering security, availability, processing integrity, confidentiality, and privacy.
For detailed reports and certificates, contact us at security@auditbase.com. We also comply with key regulations, including GDPR, CCPA, and HIPAA where applicable.
To ensure the integrity of our platform:
- Penetration Testing: Conducted annually by independent third-party experts, covering the full scope of our application and infrastructure. Source code is made available for thorough white-box testing. Summary reports are available in our Trust Center.
- Vulnerability Scanning: Integrated into our SDLC, including static application security testing (SAST), software composition analysis (SCA), dynamic application security testing (DAST), and continuous network scanning. We also monitor our external attack surface.
Our internal security practices support a secure operational environment:
- Endpoint Protection: All corporate devices are managed with mobile device management (MDM) tools, equipped with anti-malware, full-disk encryption, and 24/7 monitoring.
- Vendor Security: We assess vendors using a risk-based framework, evaluating data access, integration risks, and overall security posture before onboarding.
- Secure Remote Access: Employees connect via secure VPN solutions with multi-factor authentication (MFA) and endpoint verification.
- Security Education: Mandatory onboarding training, annual refreshers, and regular phishing simulations to keep our team vigilant.
- Identity and Access Management: Centralized IAM system with role-based access control (RBAC), MFA enforcement, and automated provisioning/deprovisioning tied to HR processes.
Privacy is a fundamental right, and we are dedicated to protecting it. AuditBase complies with global privacy regulations and maintains transparency in our data handling practices.
- We are committed to the principles of data minimization, purpose limitation, and user consent.
Key documents:
- Privacy Policy
- Data Processing Agreement (DPA)
- Subprocessors List
For any security-related inquiries, contact us at security@auditbase.com. AuditBase reserves the right to update this page as our security practices evolve.
Ready to take your smart contract security to the next level? Stay ahead of potential vulnerabilities and threats with AuditBase. Right now, new users can get unlimited scans when they sign up today.