Security

Safe and Secure with Scend

Our platform is built with enterprise security at its core

SOC 2 Certificate

SOC2 - Type II

VIEW TRUST REPORT
Governance
Our team establishes policies and controls, monitors compliance with those controls, and prove our security and compliance to third-party auditors.

Our policies are based on the following principles:

01.

Access should be limited to only those with a legitimate business need and granted based on the principle of least privilege.

02.

Security controls should be implemented and layered according to the principle of defense-in-depth.

03.

Security controls should be applied consistently across all areas of the enterprise.

04.

Implementation should be iterative, continuously maturing for greater effectiveness, auditability, and decreased friction.

Data and Product Protections
Penetration Testing

Scend engages with one of the best penetration testing consulting firms, Red Sentry, in the industry at least annually.

Vulnerability Scans

Scend requires vulnerability scanning at key stages of our Secure Development Lifecycle (SDLC), including network vulnerability scanning on a periodic basis.

Data at Rest

All datastores with customer data, in addition to S3 buckets, are encrypted at rest. Additionally, sensitive data is protected with field-level encryption.

Data in Transit

Scend uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks.

Industry Standards and Certificates
We regularly work with independent experts to verify our security, privacy, and compliance controls. Reach out tocontact@scend.aifor audit history or recent penetration testing details.