Security

Protecting your data with industry-leading security

Security and our customers' best interests are at the forefront of every decision.

Trust Center

By implementing industry-leading security and best practices we ensure your data stays safe and private. To earn your trust, we make it a point to transparently share our security and compliance program with you.

Application

Encryption documentation
Source control
Static code analysis

Business Operations Process

Control reviews
Control selection
Corrective actions
Disaster Recovery Plan
Disaster Recovery Testing
Fraud Risk
Policy Management
Risk Management
Risk Register
Security Incident Management Plan

Cloud Infrastructure

Datacenters
Firewalls
Host hardening
Infrastructure-as-code
Patch Management
Pen testing
TLS certificates and endpoints
Vulnerability scanning

Customers

Master Services Agreement
Privacy Policy
Release Notifications
Support Channel
Terms of Use

Overview

  • Data segregation and security: Customer data is logically separated through strict coding standards, code reviews, and database design. These records also have a unique customer identifier that ensures maximum data security.
  • Least privilege access management: We apply access controls in accordance with the principle of least privilege. This ensures that access to customer data is granted only to authorized employees who require it to perform their roles, and all system access is logged.
  • Penetration testing: We conduct third-party penetration testing on an annual basis, which includes critical security risks listed by the Open Web Application Security Project® (OWASP). This simulates a real-world cyberattack to ensure our systems and your data remain secure.
  • Employee Privacy and Security Training: Security is a company-wide endeavor. All employees complete an annual security training program and employ best practices when handling customer data.
  • The Security Team notifies the appropriate parties to remediate any identified vulnerabilities. In addition, external vulnerability threat assessments are performed regularly by independent security firms. Findings and recommendations resulting from these assessments are categorized and delivered to the leadership.
  • In addition, the control environment is subject to regular internal and external audits and risk assessments. We engage with external certifying bodies and independent auditors to review and test the overall control environment.

Application Security

  • Application actions have unique permissions that are evaluated based on context such as the user and roles.
  • Secrets and API tokens are stored encrypted at rest.
  • An automated risk assessment is performed daily.

Software Development Lifecycle

  • Application code changes require mandatory review and at least one approval.
  • Architecture and sensitive code undergo periodic security reviews.
  • The production environment is separate from the development and staging environments.
  • Customer data stays within the production environment.

Responsible Disclosure

  • We take security seriously at ProcureSpark and are committed to ensuring the safety and privacy of our users and their data.
  • If you discover a security vulnerability in our system, please report it to us as soon as possible by emailing our team at hello@procurespark.ai with details of the vulnerability and any supporting information you have.
  • We will make every effort to respond to your email as quickly as possible and keep you informed throughout the process of resolving the issue.