This comes into effect into ensuring compliance early on with industry standards such as SOC 2 Type II, but also taking the extra mile to ensure security is embedded into everything we do. We have certifications, processes, and audits in place to ensure security, uptime, and deliverability. These certifications, penetration testing summaries, etc. are available upon request for Valence customers.
To ensure our platform could be trusted by global security teams, we ensured that from day 1, our Valence SaaS mesh security platform was built with high security standards and a security mindset. Therefore, Valence completed a SOC 2 Type II attestation which was performed by external auditors and periodically assessed to ensure ongoing compliance.
The SOC 2 Type II compliance ensures that Valence’s risk management, software development and security practices meet AICPA’s Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality or Privacy.
AWS cloud hosting - subject to the high compliance standards
Hardened operating systems (OS)
Cloud runtime protection
Cloud assets vulnerability scanning
Logical tenant separation
IAM Identity and permission per tenant
Separate database, storage and secrets per tenant
Encryption in-transit and encryption at-rest
Annual external penetration testing - zero findings left open
Vulnerability scanning (source code, dependencies and containers)
Strict Content Security Policy
Change management & Secure Development Lifecycle (secure SDLC)
Valence personnel least privilege (need-to-work basis) access to data
Continuous asset and patch management
Multi-factor authentication (MFA) and single sign-on (SSO) access
Security monitoring, incident response and Vendor risk management