Skip to main content

Security and Privacy Controls

We operate a security and privacy baseline built for enterprise and big tech expectations: compliance programs, audit-ready evidence, and production workflows.

Data protection

  • Encryption in transit (TLS) and encryption at rest where supported.
  • Access controls with least-privilege principles.
  • Defined retention and deletion workflows.

Operational controls

  • Change management records for production-impacting work.
  • Incident response playbooks and escalation workflows.
  • Periodic access and configuration reviews.

Security control domains

Access and identity

  • Least-privilege role assignment for operational workflows.
  • Documented onboarding and offboarding procedures.
  • Periodic review of privileged access paths.

Infrastructure and data handling

  • Encryption in transit and at rest where supported.
  • Backup and recovery standards aligned to service criticality.
  • Retention and deletion controls based on contractual requirements.

Operational assurance

  • Change records for production-impacting updates.
  • Incident response runbooks with escalation ownership.
  • Evidence traceability for readiness and external audit workflows.

Vulnerability disclosure

To report a vulnerability, contact security@certifyops.com. We investigate reports and coordinate mitigation updates based on severity.

See also Privacy Policy and Terms.