Welcome to Codat’s Trust Portal
We take the responsibility of looking after your data very seriously. On this page, you’ll find everything related to Codat’s security, compliance, and privacy policies. Please reach out to your Account Manager if you have any questions.
Compliance
Codat’s Security Compliance program is built and continually improved in line with the industry-recognized SOC2 TSP and ISO27001 standards. We undergo audits every year for both of these. If you’d like to see our latest SOC 2 Type II report, just ask your Account Manager.
Application and data security
Attack prevention
To defend against attacks, Codat has a Web Application Firewall in place.
Bug bounty and penetration testing
Codat conducts annual penetration testing and operates a managed private bug bounty program.
Data encryption
When your data is in storage, it is encrypted using the Advanced Encryption Standard (AES-256). When on the move, your data is encrypted via industry best practices using Transport Layer Security (TLS 1.2).
User access
Codat employees will not have access to your Codat Portal instance unless you explicitly grant permission. You will retain full control over user access at all times, including privileged administrative rights.
Cloud infrastructure
Shared responsibility model
Codat uses Microsoft Azure’s Platform as a Service (PaaS) offering to provide its products. This means that Azure is responsible for the patching and maintenance of the operating system, in addition to the physical data centers and network security.
Compliance
Azure regularly undergoes independent verification of security, compliance, and privacy controls against both ISO27001 and SOC2 standards, as well as many more. More information on Azure’s security can be found here.
Endpoint devices
Anti-virus & malware protection
All Codat devices are fully covered by our endpoint detection and response system.
Mobile device management
Devices are fully managed, including patch management, security policies, and other best practices where applicable.
Our people
Employee lifecycle
Codat’s onboarding process involves comprehensive interviewing of candidates, background screening, and a structured onboarding period. Exiting employees have their access to Codat systems terminated within one business day.
Training
All Codat employees undergo security training when they start with us, and then at least annually thereafter. We also conduct regular in-house phishing campaigns and ad hoc training.
We encourage responsible disclosure
If you discover vulnerabilities in our web application, or in our APIs, we ask that you alert our team by completing the form below.