Security

Security and privacy at PEER DATA

Security is key to running a data business.

Governance

PEER DATA's Security and Privacy teams establish policies and controls, monitor compliance with those controls, and prove our security and compliance to third-party auditors.

Our policies are based on the following foundational principles:

01

Access should be limited to only those with a legitimate business need and granted based on the principle of least privilege.

02

Security controls should be implemented and layered according to the principle of defense-in-depth.

03

Security controls should be applied consistently across all areas of the enterprise.

04

The implementation of controls should be iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.

Certification

Security and Compliance at PEER DATA

PEER DATA maintains a SOC 2 Type II attestation and an ISO 27001 compliance certification. Our SOC 2 Type II report and ISO 27001 certificate are available on our Trust Center.

Data Protection

Data at Rest

Customer data and corporate data are encrypted at rest. Sensitive data is also protected with field-level encryption. This prevents that data from being accessed physically or logically without access to the appropriate keys and processes.

Secret Management

Encryption keys are managed using industry-standard best practices for key management. Keys are stored using specialized hardware that prevents direct access by individuals, including those who maintain the hardware itself. Keys are accessed through standard APIs with least-privilege access patterns, and utilization is logged appropriately.

Data in Transit

PEER DATA encrypts all traffic using modern industry best practices and protocols. HSTS (HTTP Strict Transport Security) is also used to require HTTPS for browsers. Keys and certificates are managed following our secret management practices.

Product Security

Penetration Testing

PEER DATA conducts penetration tests through an industry-certified external partner at least annually. All areas of the PEER DATA product and cloud infrastructure are considered in scope for these audits, and source code is made available to our security partner in order to maximize the effectiveness of our testing.

Summary penetration test reports are available to our clients through the Trust Center.

Vulnerability Scanning

PEER DATA performs a variety of vulnerability scanning during our software development process, including but not limited to:

Static Analysis (SAST)
Software Composition Analysis (SCA)
Dependency scanning to assist in supply chain attack prevention
Dynamic Analysis (DAST)
Network vulnerability scanning on a periodic basis

Enterprise Security

Endpoint Protection

All corporate devices are centrally managed and are equipped with mobile device management software and anti-malware protection. Endpoint security alerts are monitored with 24/7/365 coverage. We use MDM software to enforce secure configuration of endpoints, such as disk encryption, screen lock configuration, and software updates.

Vendor Protection

PEER DATA uses a risk-based approach to vendor security. Factors which influence the inherent risk rating of a vendor include:

Access to customer and corporate data

Integration with production environments

Potential damage to the PEER DATA brand

Once the inherent risk rating has been determined, the security of the vendor is evaluated in order to determine a residual risk rating and an approval decision for the vendor.

Secure Remote Access

PEER DATA requires using a VPN for remote access to resources, tied to malware-blocking DNS to protect employees and their endpoints.

Security Education

PEER DATA provides comprehensive security training to all employees upon onboarding with annual retraining. In addition, all new employees attend a mandatory live onboarding session centered around key security principles. All new engineers also attend a mandatory live onboarding session focused on secure coding principles and practices.

PEER DATA’s security team shares regular threat briefings with employees to inform them of important security and safety-related updates that require special attention or action.

Identity and Access Management

PEER DATA uses Okta to secure our identity and access management. We enforce the use of phishing-resistant authentication factors, using WebAuthn exclusively wherever possible.

PEER DATA employees are granted access to applications based on their role, and are automatically deprovisioned upon termination of their employment. Further access must be approved according to the policies set for each application.

Data Privacy

At PEER DATA, data privacy is a first-class priority—we strive to be trustworthy stewards of all sensitive data.

Privacy Shield

PEER DATA maintains an active Privacy Shield membership.

Regulatory Compliance

PEER DATA evaluates updates to regulatory and emerging frameworks continuously to evolve our program.

Privacy Policy and DPA

View Vanta’s Privacy Policy
View our list of Subprocessors
View our DPA

Join our team

Are you someone who loves collaboration while having a thirst for knowledge when it comes to data science? Then head over to our job listings today!

80k Applicants
3k Closed Vacancies
100 Active Clients
50 Specialties

How can we help?

We're here to answer your questions and provide the support you need—Get in touch
