Anduin Trust Center

Security You Can Trust

In today's digital landscape, safeguarding sensitive information - including personally identifiable information (PII), proprietary transaction terms, and more - is imperative. At Anduin, our mission transcends the enhancement of productivity and efficiency; we prioritize your security and privacy.

Compliance & Data Protection

Physical Security

Anduin's platform on AWS is secured with SOC 1 Type II, SOC 2 Type II, and ISO 27001 certifications.

Customer Data Privacy

We prioritize privacy, using information to enhance service while ensuring confidentiality. Anduin complies with U.S. ESIGN, GDPR, CCPA, CPRA, and holds SOC 2 Type II Certification. Anduin's privacy policy is available here. 

Security Certifications and Tests

  • Consistent compliance with international security standards
  • Adherence to relevant laws and regulations
  • Regular external penetration testing
  • Validation of security by certified auditors
  • Sharing of the latest test results and assessments with partners and customers

Compliance

  • SOC 2 Type II
  • The Uniform Electronic Transactions Act
  • The U.S. ESIGN Act of 2000
  • eIDAS
  • Write Once Read Many Archiving (WORM)
  • GDPR
  • CCPA
  • CPRA
  • CSA - Security, Trust, Assurance and Risk program (STAR)

Security Architecture and Framework

Zero Trust Approach

  • Advanced Firewalls
  • Zero Trust Network Access
  • Secure Web Gateway

Enterprise Network Security

  • Multi-Layered Firewalls & Virtual Networks
  • Production Network Isolation
  • Regular Vulnerability Assessments
  • Perimeter Security Controls
  • Strict Access Controls

Data Encryption

  • In Transit: Data transmissions are secured using HTTPS and TLS 1.2 or higher.
  • At Rest: Data is stored in environments with SOC 1 Type II, SOC 2 Type I, and ISO 27001 certifications, using AES-256 encryption.
  • Key Management: Encryption keys are secured in industry-grade vaults, with regular master key rotations for added protection.

Multi-Tenant Security

  • Logical Data Separation
  • Dedicated Databases
  • Role-Based Access Control (RBAC)

Endpoint Security

  • Device and Application Controls
  • Physical Security Measures
  • Behavioral-Based Protection

Product Security

Authentication

  • Two-Factor Authentication (2FA)
  • Single Sign-On (SSO)
  • API Key Authentication
  • Strong Password Policies
  • Session Management

Audit Log

  • Tools for searching, filtering, and reporting on system activities to maintain transparency and accountability.
  • Logs are encrypted with AES-256 and stored securely in the cloud.
  • Logs are retained long-term for thorough audits and forensic investigations.

Authorization Framework

  • Role-Based Access Control (RBAC): Controls access based on roles like deal owner or data room participant.
  • Pre-Authorized Access Tokens: Securely handles tasks like e-signing or viewing reports without full login.

Operational Security Practices

Personnel Security

  • Cross-Functional Security Team
  • Background Checks and Policies
  • Continuous Training
  • Phishing Awareness
  • InfoSec Council
  • Secure Coding Practices

Data Loss Prevention Controls

  • Categorizes data by sensitivity and importance for appropriate handling.
  • Includes data matching and leak prevention across platforms, cloud storage, and email systems.
  • Employs data encryption, full disk encryption, and remote wipe capabilities to secure data on all devices and platforms.

Internal Data Access

  • Principle of Least Privilege: Employees access only the data necessary for their roles.
  • Personal data is pseudonymized where applicable to enhance confidentiality.
  • Regular reviews and updates of data access controls and separation of duties to prevent misuse and ensure compliance.

Secure Code Practice

  • Code is reviewed by engineers and deployed continuously to streamline updates.
  • Tools scan for vulnerabilities and unsafe practices early.
  • Development, testing, and staging are separate from production to prevent cross-contamination.
  • Annual testing by external experts addresses identified issues promptly.

Resilience and Recovery

Business Continuity and Disaster Recovery

  • Uses geographically dispersed AWS data centers for operational continuity.
  • Reviews and tests disaster recovery plans annually.
  • Secure, remote backups protect essential data from physical disruptions.
  • Multiple channels ensure swift crisis communication and response.

Reliability

  • Systems are designed for over 99.9% uptime, handling both planned and unplanned disruptions effectively.
  • Multi-Layered Resilience
  • Application Resilience
  • Data Integrity
  • Infrastructure Stability
  • Real-time infrastructure status is provided on our dedicated status site for transparency.

Monitoring, Alert, and Response

  • Utilizes native cloud services and third-party tools for extensive visibility.
  • Correlates and analyzes logs to promptly identify network and application threats.
  • Automatically notifies Infrastructure and Security teams via email and messaging for rapid response.

Resources

Prioritizing security and privacy beyond productivity and efficiency