How we handle security

Durate is committed to the security of all our customers' data.

Below are some of the measures we take to ensure our customers' data is secure. We make it our utmost priority to ensure the most robust security measures are in place.

While the items below are some of our important metrics, we use many more to make sure our platform is as secure as possible. Here are some of the main measures we take:

  • Official compliance checks. We partner with some of the most reputable companies in the world to ensure our platform is compliant with the latest security standards.
  • Real-time monitoring. We closely monitor all of our systems to make sure they are safe and secure.
  • Regular third-party audits. We perform regular third-party audits to ensure our platform is secure and compliant with the latest security standards.

To achieve these goals, we've committed to becoming SOC 2 compliant and have plans to become HIPAA compliant in the near future.

SOC 2 Compliance

SOC 2 Compliant

Compliance achieved

HIPAA Compliance

Compliance planned

Types of data protections currently in place

Access Control and Authorization

  • Access granting process used
  • Access management policy established
  • Account inventory maintained
  • + 5 more

Data Management and Protection

  • Data encrypted at rest
  • Data encrypted in-transit
  • Data inventory maintained
  • + 1 more

Disaster Recovery

  • Automated backups enabled
  • Business continuity and disaster recovery policy established
  • Data recovery process established
  • + 2 more

Endpoint Security

  • Anti-malware deployed on end-user devices
  • Data encrypted on end-user devices
  • Firewall maintained on end-user devices

Infrastructure Security

  • Active discovery tools used
  • Automated security scanning performed on infrastructure
  • Buckets not exposed publicly
  • + 6 more

Monitoring and Incident Response

  • Audit log management process maintained
  • Audit logs collected
  • Incident response policy established
  • + 3 more

Organizational Security

  • Acceptable use policy established
  • Asset inventory maintained
  • Asset management policy established
  • + 9 more

Risk Management

  • Risk assessments performed
  • Risk management policy established
  • Vendor inventory maintained
  • + 1 more

More about SOC 2 and our status

What is SOC 2?

For those unfamiliar with SOC 2, it was initially developed by the American Institute of CPAs (AICPA) and is an audit report that evaluates a company's security, availability, processing integrity, confidentiality, and privacy controls.

Is SOC 2 required?

Even though it isn't legally required, we think it's one of the most important ways we can honor our commitment to keeping our customers' data secure.

What types of SOC 2 are there?

SOC 2 comes in two versions:
— Type I: checks compliance at a single moment.
— Type II: confirms continuous compliance over a set period (usually about six months).

What type of SOC 2 does Durate have?

At Durate, we're proud to be SOC 2 Type II compliant. We felt taking the extra time and effort to become SOC 2 Type II compliant was well worth it and fits with our mission.

Who does Durate use to audit?

Durate uses Oneleet to monitor, collect, and submit evidence to auditors. You can find more information about our status here.