Thirdsentry maintains rigorous controls across infrastructure, data protection, application security, and operations. This statement summarizes the practices that protect customer data.
Last updated · March 2025
At Thirdsentry, we prioritize the security of customer data and maintain rigorous controls to safeguard it against unauthorized access, breaches, and other cyber threats. Our approach encompasses infrastructure, data protection, application security, and operational practices.
Section 01
Infrastructure Security
Enterprise-grade cloud infrastructure provides a robust foundation for the Thirdsentry platform.
Hosting environment
Thirdsentry is hosted on Amazon Web Services (AWS), which maintains industry-leading security controls and compliance with major standards including ISO 27001, SOC 2, and PCI DSS.
Data centers
Certified for ISO 27001, SOC 2, and PCI DSS
24/7 monitoring with intrusion detection systems
Fire suppression and environmental controls
Network security
Firewalls and intrusion prevention systems guard against unauthorized access
Network segmentation isolates sensitive systems and is reviewed on a recurring cadence
Server security
Operating systems and software are patched on a defined cadence to mitigate vulnerabilities
Server configurations are hardened against CIS benchmarks
Section 02
Data Protection
Customer data is protected with industry-standard encryption and stringent access controls.
Encryption
In transit: TLS 1.2+ on every connection between the user and Thirdsentry
At rest: AES-256 across all primary data stores and backups
Backups
Daily backups stored in geographically redundant locations
Backup integrity is verified through automated checks and periodic restoration tests
Access controls
Role-based access control (RBAC) is enforced on every customer record
Multi-factor authentication is required for all administrative access
Data retention
Thirdsentry retains customer data only as long as necessary to fulfill contractual obligations or comply with legal requirements.
Section 03
Application Security
The Thirdsentry application is designed with security as a first-class concern, not an afterthought.
Authentication
Two-Factor Authentication (2FA) and Single Sign-On (SSO) via leading identity providers
Passwords are hashed and salted with modern algorithms (bcrypt)
Session management
Sessions are bounded by timeouts and continuous activity monitoring to reduce exposure to session hijacking.
Access control
Granular access levels ensure users see only data and features required for their role
Access permissions are audited on a recurring schedule
Section 04
Security Operations
A proactive security posture with continuous monitoring, testing, and incident response.
Security monitoring
Continuous monitoring of systems and applications for suspicious activity via SIEM tooling
24/7 alerting and response for anomalies
Incident response
A formal incident response plan defines detection, containment, eradication, and recovery
Post-incident reviews drive corrective actions back into the control set
Security testing
Applications and infrastructure undergo independent penetration testing on a recurring cadence
Automated vulnerability scanning ensures known risks are remediated within SLA
Vulnerability management
Identified vulnerabilities are prioritized by risk and remediated within predefined SLAs.
Section 05
Compliance & Certifications
Thirdsentry adheres to recognized industry standards. Certificates of compliance are available upon request.
Frameworks
SOC 2 Type II
ISO 27001
GDPR (General Data Protection Regulation)
CCPA (California Consumer Privacy Act)
Audits
Regular audits are conducted by independent third-party firms to verify compliance and the operating effectiveness of our control environment.
Section 06
Employee Security
Every employee is trained, equipped, and accountable to maintain the platform's security posture.
Security training
Mandatory security training is delivered during onboarding and on a recurring schedule, covering social engineering, phishing, secure development, and incident reporting.
Access controls
Role-based access is enforced across all internal systems. Employees are granted access only to the systems necessary for their role.
Background checks
Comprehensive background checks are conducted for all employees with access to sensitive systems or customer data.
Awareness program
Continuous education on emerging threats keeps the team current on adversarial tactics and protective practices.
Section 07
Physical Security
Stringent measures protect facilities, hardware, and operational continuity.
Office security
Restricted access via keycard systems with biometric authentication where applicable
Security cameras monitor entry and exit points
Hardware security
All workstations and mobile devices are encrypted and protected with managed endpoint security
Remote wipe is enabled for lost or stolen devices
Environmental controls
Facilities are equipped with fire suppression, uninterruptible power supplies, and climate controls to ensure operational continuity.
Section 08
Continuous Improvement
Security is a continuous process, not a fixed end state.
Our commitments
Evolving security practices to meet emerging threats
Adopting new technologies that strengthen our security posture
Reviewing and updating security policies and procedures on a regular cadence
Maintaining transparency with customers about our security measures
Contact us
Questions about our security practices, or need a copy of a specific certification? Reach out — we respond same business day.
This security statement was last updated in March 2025. Thirdsentry reviews and updates this statement on a recurring schedule to reflect changes in our security practices and capabilities.