
Security, Built for Production Reality
Autoheal operates with strict guardrails, least-privilege access, and auditable actions across our infrastructure. Every change is intentional, traceable, and governed by the same security standards you expect from mission-critical systems.
Availability and Disaster Recovery
We operate a multi-region architecture across separate geographic locations so that the platform and its services can be rapidly scaled up in the event of a disaster affecting the primary location.
Vulnerability Management
We perform vulnerability management across our infrastructure and application code. Scans are run at least monthly, and remediation adheres to NIST vulnerability remediation timelines.
Personnel Security
We conduct rigorous interviews and background checks to ensure we identify top candidates to join our team. Employees must complete security and privacy training during onboarding and annually.
Incident Response
Our Incident Response program aligns with both the SANS PICERL and NIST SP 800-61 guides, with a dedicated Incident Response team in place to ensure the program follows established internal policies.
Secure Software Development
Security is embedded throughout our SDLC. All changes to production must be peer reviewed, automatically tested through CI, scanned for vulnerabilities, and include roll-back procedures prior to deployment.
Data Security
Autoheal treats customer data as critical infrastructure.
Encrypted in transit and at rest, isolated by default, monitored continuously.
Customer Data Protection
Minimal PII is required for us to provide and maintain our services. All customer data is internally classified under the most critical data classification and is therefore the most strictly controlled and secured. We encrypt all data in transit using TLS 1.2+.
Data Isolation
Customer data is never used in our non-production environments, which are strictly separated from our production environments and used for development, testing, and staging only.
Identity and Access Management
Autoheal adheres to the RBAC principle: unique user accounts and passwords are assigned to each employee based on least privilege. SSO and 2FA are enforced for critical business systems.
System Monitoring
We use software to collect data from system infrastructure and endpoints, monitoring activities such as access, system performance, potential security vulnerabilities, and resource utilization.
Compliance and Certifications
We are SOC 2 compliant and ISO 27001 certified. To request a copy of our latest reports as well as access additional information related to our security posture and controls, please contact us.