Hey folks, my organisation has some questions about the security frameworks in place at Softr. The security page seems to just talk about the security that AWS has in place, and not if softr itself has SOC 2 certification etc. Could you please let me know what security is in place (specific questions below that I need to report on).
1- “Are you SOC type 1 or SOC 2 certified?” 2- “Are there other information security frameworks Softr currently follows? Please provide names and additional details regarding implementation. For example ISO 27000, NIST, GDPR etc.” 3- “In the past 12 months, have you had a third party conduct a penetration test of your platform and infrastructure?” 4- “Do you have a physical security policy?” 5- “What country is the information of my members stored?” 6- “Are you able to tell me what platform you use for hosting i.e. AWS?”
And yes, AWS is the platform we use for data storage and hosting. As an additional point, you will learn more about how they offer security here Cloud Security – Amazon Web Services (AWS)
From docs you mentioned “Softr datacenter (AWS regions)” is currently located in Germany only if I get them right @Marine.Hovhannisyan, or are your AWS resources located in others regions too?
I ask because we need to mention in the Term of Services where the servers are located, because of “low constraints”.
Moreover is possible to have some more details on the AWS architecture you use and how you face redundancy, disaster recovery and service level agreement?
Hi Marine,
Appreciate the original post and response. Wanted to confirm if theres an update on this. I reviewed the security page mentioned and it still suggest that only AWS is SOC 2 compliant.
However, I found this post from Artur Mkrtchyan. Is there a best contact to get assurance documents?