Security at Abusix

The world’s leading security teams rely on Abusix to automate and support their mission-critical processes.

They trust Abusix to operate securely and to protect their data at all times. We take this trust seriously. 

Here you’ll find an overview of some of the measures we’ve implemented to ensure that security and privacy are cornerstones of our culture and ingrained in our daily operations.

Compliance 

Our information security program is aligned with SOC 2, an industry-accepted framework. SOC 2 compliance means a company has established and follows strict information security policies and procedures covering the security, availability, processing integrity, and confidentiality of customer data. We maintain SOC 2 Type II compliance and are audited annually; a Type II report attests not only that controls are suitably designed but that they operated effectively throughout the audit period.

Our compliance stance is an essential part of how we protect customer data; however, we recognize that being compliant is not the same as being secure. We have therefore implemented, and will continue to implement, a range of additional security controls that give our customers further assurance that we prioritize security across the Abusix products and organization.

Security in the product 

We provide a number of security features within the Abusix Platform, which help ensure the confidentiality, integrity, and availability of customer information.

SSO/SAML 

Abusix supports SSO/SAML by default across all plans. We encourage customers to enable single sign-on in their Abusix tenant.

Granular control over data retention 

We regard customer data as a liability and provide easy-to-use platform features that ensure it is retained in the platform only for as long as it is required.

Security in the organization 

We place equal importance on security in the Abusix products and security within the Abusix organization. Below is a non-exhaustive list of security measures we’ve implemented at an organizational level.

Access to production systems 

We restrict access to production systems to a handful of employees. No contractors or 3rd-parties have access to production. Customer data is prohibited from leaving our production environment. The list of employees with access to production is regularly reviewed.

Security and Privacy Council 

We have established a cross-functional group, led by the company CEO, that meets regularly to discuss security and privacy matters. The agenda for Security and Privacy Council meetings typically includes a review of recent incidents, security implications of upcoming features, and ongoing compliance efforts.

Awareness training 

Every Abusix employee completes security awareness training at least annually, beginning when they join.

Security automation 

We make extensive use of security automation to alert on suspicious activity across our production and corporate environments.

The Abusix Security Posture 

You can review the Abusix security posture at https://trust.abusix.com.
If you have additional questions, please reach out to [email protected].
Because some of this information is sensitive, we may require you to sign an NDA before sharing it.

Reporting security vulnerabilities 

Responsible Disclosure  

As a security company, we are committed to providing users with a secure and trusted platform. We value security researchers and others who keep a watchful eye and responsibly disclose security issues. If you find a security vulnerability, please disclose it to us via [email protected].

We ask that you adhere to the following guidelines:

  • Do not disclose the vulnerability to third parties.
  • Do not violate any laws.
  • Do not disrupt services (DoS/DDoS).
  • Do not access, modify, or destroy any accounts or data that do not belong to you.

Out of Scope  

  • HTTPS / TLS security header suggestions
  • Direct testing of third parties
  • SPF / DMARC / DKIM / DNSSEC suggestions
  • Banner/version disclosure
  • Social engineering/phishing/spam