SOC 2 Compliance
Our Security Commitments to Clients Include:
- Role-based user settings to limit access to information a user is not authorized to view.
- Intrusion detection systems to prevent potential security attacks from outside sources.
- Operational procedures for managing security incidents and breaches.
- Use of encryption technologies as well as data retention and data disposal policies.
- Continuous monitoring to ensure uptime availability of production systems.
RTO’s Pledge
Processes
SOC Compliance
RTO is SOC 2 compliant, which ensures that third-party providers are committed to securely handling customer data. This certification verifies that processes and procedures are in place to protect customer data.
Data Management
The data we collect is stored in a database and encrypted using technology that protects customer data both at rest and in transit. RTO has data retention and data disposal policies in place to ensure that data is only stored as necessary. Access to Personally Identifiable Information (PII) is controlled through ongoing activity monitoring to ensure that sensitive data is restricted to employees based on job function.
Risk Assessment
RTO has preventative security practices in place to identify vulnerabilities in our IT infrastructure. This includes vulnerability scans and penetration testing that are regularly scheduled to uncover weaknesses in the security or performance of our systems. Identifying these potential gaps in our systems early will reduce the risk of security breaches and attacks.
People & Training
The RTO team consists of dedicated team members who manage major product functions, including operations and support. Our IT/Engineering team monitors the environment and manages data backups and recovery. RTO is committed to hiring the right people for the right job, as well as training them both in their specific tasks and in ways to keep our company and data secure.