How does Pathzero ensure my data is secure?

In this article, we provide details about Pathzero's security measures and how we keep your sensitive data secure.

Platform Security

We understand that sensitive information is uploaded to our platforms and that it must be kept secure and inaccessible to unauthorised parties. This is one of our cornerstone priorities.

We have established an Information Security Management System ('ISMS'), based on the ISO 27001 standard, to ensure comprehensive governance throughout our organisational operations and product offerings. This includes a suite of formal policies covering (amongst others): Compliance Requirements, Information System Security, Access Control, Data Protection, Systems Management, System Ownership and Return, Password Management, and Email Management. These form the foundation as we work towards formal SOC 2 and ISO 27001 certification.

We have compliance management systems in place that continuously monitor our security posture, and we have rolled out other security systems across the organisation, such as password management, anti-virus, multi-factor authentication, and VPN access for internal systems. A live view of these controls is available in our Trust Center.

Some specific details of our security practices are outlined below:

Systems Security

  • AWS

    • Access is limited by role on a “least privilege” basis

    • Multi-factor authentication is enforced

    • Data is encrypted at rest and in transit

    • Multiple levels of segmentation are used to isolate resources and workloads

    • Multiple types of detective and preventative controls are used to identify and mitigate non-compliant configurations

    • Non-public resources are additionally secured by VPN with separate multi-factor authentication

  • Web Application

    • TLS is enforced with modern ciphers required

    • HSTS is implemented

    • Web Application Firewall inspects all requests

    • External security organisations are engaged to perform penetration testing

  • Code Deployment

    • Deployment to production is fully automated and is initiated by a small set of senior engineers.

    • Developed code passes through several quality gates, including peer review by at least two other engineers and the running of unit and integration tests, before it can transition from development to staging (for business user review) and then to production.
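The "TLS is enforced" and "HSTS is implemented" items under Web Application above describe controls that can be verified from outside by inspecting a response. The following Python script is an added example, not Pathzero's code or part of this article: it parses a Strict-Transport-Security header according to RFC 6797 and flags weak or invalid settings. The sample response headers are constructed, and the one-year minimum max-age threshold is an assumption taken from the hstspreload.org submission requirement rather than anything stated on this page.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Assumed minimum max-age (one year); this is the hstspreload.org submission
# requirement, not a value from the article.
MIN_MAX_AGE = 31536000


@dataclass
class HstsResult:
    present: bool = False
    max_age: Optional[int] = None
    include_subdomains: bool = False
    preload: bool = False
    problems: list = field(default_factory=list)


def parse_hsts(value: str) -> HstsResult:
    """Parse a Strict-Transport-Security header value (RFC 6797 section 6.1).

    Directive names are case-insensitive and separated by ';'. max-age is
    mandatory, a duplicated directive makes the header invalid, and unknown
    directives are ignored.
    """
    result = HstsResult(present=True)
    seen = set()
    for raw in value.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, arg = directive.partition("=")
        name = name.strip().lower()
        arg = arg.strip().strip('"')
        if name in seen:
            result.problems.append(f"duplicate directive: {name}")
            continue
        seen.add(name)
        if name == "max-age":
            if not re.fullmatch(r"\d+", arg):
                result.problems.append(f"max-age is not a non-negative integer: {arg!r}")
            else:
                result.max_age = int(arg)
        elif name == "includesubdomains":
            result.include_subdomains = True
        elif name == "preload":
            result.preload = True
    if result.max_age is None:
        result.problems.append("max-age directive missing")
    elif result.max_age == 0:
        result.problems.append("max-age=0 disables HSTS for this host")
    elif result.max_age < MIN_MAX_AGE:
        result.problems.append(
            f"max-age {result.max_age} below recommended minimum {MIN_MAX_AGE}"
        )
    if not result.include_subdomains:
        result.problems.append(
            "includeSubDomains not set; subdomains remain reachable over plain HTTP"
        )
    return result


def check_response(headers: dict, scheme: str = "https") -> HstsResult:
    """Evaluate the headers of one HTTP response.

    `headers` maps header name to value; lookup is case-insensitive. Browsers
    ignore an HSTS header received over plain HTTP (RFC 6797 section 8.1), so
    one seen on a non-TLS response is reported as a problem, not as coverage.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get("strict-transport-security")
    if value is None:
        return HstsResult(present=False, problems=["Strict-Transport-Security header missing"])
    result = parse_hsts(value)
    if scheme != "https":
        result.problems.append("HSTS header sent over a non-TLS response; browsers ignore it")
    return result


# Constructed sample responses for illustration; these are not real Pathzero headers.
SAMPLE_GOOD = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
}
SAMPLE_WEAK = {"strict-transport-security": "max-age=300"}
SAMPLE_MISSING = {"Content-Type": "text/html"}

if __name__ == "__main__":
    for label, hdrs in [("good", SAMPLE_GOOD), ("weak", SAMPLE_WEAK), ("missing", SAMPLE_MISSING)]:
        r = check_response(hdrs)
        print(label, "OK" if not r.problems else r.problems)
```

In practice the `headers` dict would come from a real response (for example `requests.get(url).headers`), and the same check belongs in a deployment pipeline's quality gates so that a regression in the header is caught before it reaches production.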