ProScore Security Compliance Statement

At ProScore, we are deeply committed to safeguarding your data and maintaining the highest standards of security. We are pleased to provide you with an overview of our security practices and compliance measures.

Data Protection:

ProScore employs rigorous measures to protect your data both in transit and at rest. Data in transit is secured using Transport Layer Security (TLS) protocol with a minimum version of 1.2, ensuring encryption and integrity during transmission. Additionally, data at rest is safeguarded through Advanced Encryption Standard (AES) 256 encryption, providing robust protection against unauthorized access.

Secret Management:

We implement strict controls over secret management to ensure the confidentiality and integrity of sensitive information. User account passwords are encrypted at the application level before storage in our database. Furthermore, application secrets are encrypted at rest, and access is tightly regulated to authorized personnel only.

Secure Development:

Security is ingrained into every stage of our software development lifecycle. Our development practices encompass a range of security measures, including code repository controls, deployment controls, peer code review, penetration testing, and security training for engineers. We conduct thorough threat modeling and vulnerability scanning to identify and mitigate potential risks proactively.

Infrastructure Security:

ProScore relies on reputable hosting providers such as Amazon Web Services. These providers share our commitment to security and have attained compliance with industry-leading frameworks such as SOC 2 Type 2.

Company Policies and Procedures:

Our security, risk, and compliance processes are continually refined based on industry best practices and undergo regular reviews and updates. All employees undergo mandatory security training upon hire, with periodic refreshers to reinforce security awareness. Our comprehensive policies cover a wide range of areas including access control, asset management, cryptography, data management, human resources security, and secure development.

Platform Security:

We maintain ongoing security activities to monitor and protect our platform. This includes application log alerting, analysis, and retention, as well as regular penetration testing and vulnerability scanning. In the event of a security incident, we have established an incident response plan and dedicated team to promptly address and mitigate any potential threats, ensuring the resilience of our systems and the protection of customer data.

At ProScore, security is not just a priority; it’s a fundamental aspect of our operations. We are dedicated to upholding the trust you place in us by prioritizing the security and integrity of your data.