Trust and Security

Trust and Security

at LODAS

at LODAS

Security is extremely important to us. Customers trust us with their personal and financial information, and it is our duty to do the utmost to ensure their information is safe – we take this responsibility very seriously.

Security Policies and Controls

We work behind the scenes to protect and secure your information.

Policies and Procedures

Policies and Procedures

LODAS has developed operational policies and procedures for ensuring the security and availability of the LODAS Platform and related components. It covers a wide range of areas to including information security, incident response, access control, physical security, network security, vulnerability management, secure development, change management, vendor management, disaster recovery and business continuity.

Policies and Procedures

LODAS has developed operational policies and procedures for ensuring the security and availability of the LODAS Platform and related components. It covers a wide range of areas to including information security, incident response, access control, physical security, network security, vulnerability management, secure development, change management, vendor management, disaster recovery and business continuity.

Access Control

Access Control

LODAS has determined that access should be limited to only those with a legitimate business need and is granted based on the principle of least privilege. LODAS uses uses role-based access control (RBAC) and an identity management system to identify, authenticate, and validate access to systems or resources. Multi-factor authentication is required to access core systems.

Access Control

LODAS has determined that access should be limited to only those with a legitimate business need and is granted based on the principle of least privilege. LODAS uses uses role-based access control (RBAC) and an identity management system to identify, authenticate, and validate access to systems or resources. Multi-factor authentication is required to access core systems.

Encryption

Encryption

All data stores with customer data, in addition to S3 buckets, are encrypted at rest. Sensitive collections and tables also use row-level encryption. LODAS uses TLS v1.2 or higher everywhere data is transmitted over potentially insecure networks. We also use features such as HSTS to maximize the security of data in transit. Server TLS keys, certificates and encryption keys are managed by AWS.

Encryption

All data stores with customer data, in addition to S3 buckets, are encrypted at rest. Sensitive collections and tables also use row-level encryption. LODAS uses TLS v1.2 or higher everywhere data is transmitted over potentially insecure networks. We also use features such as HSTS to maximize the security of data in transit. Server TLS keys, certificates and encryption keys are managed by AWS.

Product Security

Product Security

LODAS performs regular application and infrastructure security vulnerability scanning and penetration testing, by internal staff and third-party security researchers/specialists, to proactively identify vulnerabilities and complete remediation in a timely manner.

LODAS Secure Development Lifecycle (SDLC) requires code reviews and 100% test coverage before any change is made to the system.

Product Security

LODAS performs regular application and infrastructure security vulnerability scanning and penetration testing, by internal staff and third-party security researchers/specialists, to proactively identify vulnerabilities and complete remediation in a timely manner.

LODAS Secure Development Lifecycle (SDLC) requires code reviews and 100% test coverage before any change is made to the system.

Security Compliance

LODAS undergoes annual external audits by multiple independent auditors. These reports, plus additional security documentation, are available to all customers, prospects, and vendors by reaching out to our sales team.

SOC 2 Type II

SOC 2 Type II

SOC 2 Type II

LODAS is SOC 2 Type II compliant, a certification developed by the American Institute of Certified Public Accountants (AICPA) that verifies our effective security controls over an extended period to protect your data and ensure compliance with industry standards.