Striven Security Standards
Striven adheres to the highest possible security standards. Below, we have provided an overview of the measures we take to protect our users and their data. You can request a full description of our security standards.
1.1 Hosting Platform
Miles IT engages an annual SOC 2 Type II audit for controls relevant to confidentiality, security, and accessibility of the systems hosted within. The infrastructure is managed and maintained in accordance with standard operating controls as defined. Provisions for security controls, redundancies, and contingencies (Backup, Business Continuity, Disaster Recovery) are examined and validated within that period. Copies of the report can be provided with a signed Non-Disclosure Agreement (NDA).
1.2 Defense In-Depth
The data center responsible for the hosting of the Striven application platform is protected from Distributed Denial of Service (DDoS) attacks via upstream “Threat Mitigation Platforms” applied at each of the Internet Service Providers that provide a handoff. Additionally, anomaly-based endpoint protection is employed throughout the enterprise. When applicable, sensitive data is protected via various controls to prevent accidental or intentional leakage during storage or communication. Role-Based Access Control (RBAC) exists at every layer from the hosting platform through the Striven application itself.
In the event of a security incident, alerts are responded to by a dedicated Security Operations Center (SOC) team in accordance with the incident response processes and procedures. Communications are handled accordingly as the event is addressed.
1.3 Risk Assessment
Periodically, Striven undergoes external and internal vulnerability scanning exercises to determine any residual risk from present vulnerabilities. The Miles IT’s security team assesses risks on an ongoing basis through a review of collected log correlation data, vulnerability assessment results, and other sources. Annually, organization level risk assessment activities are performed that accounts for the categorization of threats to the systems, compensating controls and appropriate mitigation actions.
1.4 Complimentary Customer Control Considerations
Striven is designed with the assumption that customers will utilize the controls present within the application to adhere to the policies and procedures of their organization. Below is a list of the controls that Striven tenants are recommended to implement or adhere to.
Customers are responsible for:
- Defining, documenting, and disseminating to users any operating procedures for the operation of their instance in Striven
- Ensuring proper use of storage locations within Striven in accordance with their data classification methodologies and disclosure policies
- Training users on the use and disclosure of credentials for their Striven tenant instance
- Implementing and reviewing their users’ role and access levels within Striven
- Managing user lifecycles from provisioning, through rights modifications, and disabling of accounts
- Ensuring that individuals making modifications within their Striven tenant instance are authorized
- Periodically reviewing the configuration of their Striven tenant instance to ensure that it is consistent with their policies and practices
For More Information
If you’re looking for a more detailed description of our security standards, let us know and we’ll happily provide you with our complete document.