Compliance

Last updated: January 15, 2025

Compliance Overview

This document outlines our compliance with the regulatory frameworks and industry standards that apply to the platform, including GDPR, SOC 2, ISO 27001, and HIPAA. We understand that our customers rely on us to handle sensitive security data with the utmost care and in accordance with applicable laws and regulations.

1. Introduction

CSIRT Dashboard is designed to help security teams manage and respond to security incidents and vulnerabilities. As a platform that handles sensitive security information, we take compliance with industry regulations and standards seriously. This page provides an overview of our compliance efforts and certifications.


2. GDPR Compliance

CSIRT Dashboard operates in compliance with the General Data Protection Regulation (GDPR). We have implemented appropriate technical and organizational measures to protect personal data, including:

  • Data minimization and purpose limitation in how personal data is collected and used
  • A Data Processing Agreement (DPA) available to customers acting as data controllers
  • Processes for handling data subject requests (access, rectification, erasure, portability)
  • Personal data breach notification procedures

3. SOC 2 Compliance

CSIRT Dashboard has successfully completed a SOC 2 Type II audit, in which an independent auditor tested the design and operating effectiveness of our controls over a review period against the Trust Services Criteria for security, availability, processing integrity, confidentiality, and privacy. Our SOC 2 report is available to customers under NDA.


4. ISO 27001 Certification

CSIRT Dashboard maintains an ISO 27001 certified Information Security Management System (ISMS). This certification demonstrates our commitment to implementing and maintaining a comprehensive security framework that protects the confidentiality, integrity, and availability of data.


5. HIPAA Compliance

For customers in the healthcare sector, CSIRT Dashboard supports HIPAA-aligned use of the platform and will enter into Business Associate Agreements (BAAs) as needed. Our platform includes technical and administrative safeguards to protect Protected Health Information (PHI).


6. Security Standards

CSIRT Dashboard adheres to industry-standard security practices, including:

  • Encryption of data in transit and at rest
  • Multi-factor authentication
  • Continuous security monitoring and alerting
  • Regular security training for all employees

7. Penetration Testing

We conduct regular penetration tests of our infrastructure and application by independent security firms. Summary reports of these tests are available to customers upon request. We also maintain a responsible disclosure program for security researchers to report vulnerabilities.


8. Data Jurisdiction

CSIRT Dashboard offers data residency options to comply with various jurisdictional requirements. Customers can choose to have their data stored in specific geographic regions to meet legal or regulatory obligations. We maintain data centers in the EU, US, and Asia-Pacific regions.


9. Audit Records

CSIRT Dashboard maintains audit logs of system activity, which can be used for compliance reporting and security investigations. These logs are securely stored, and customers can access the audit records relating to their own data.


10. Compliance Roadmap

We are continuously improving our compliance posture. Our roadmap includes:

  • FedRAMP authorization for U.S. government customers
  • PCI DSS compliance (Attestation of Compliance) for organizations handling payment card data
  • Additional regional certifications based on customer needs

Need compliance documentation?

If you need certifications, audit reports, or other compliance documentation for your security or procurement teams, our compliance team is here to help.
