SOC 2 Type 2 Certified

Security at eDist.

At eDist, we make substantial investments in enhancing our security and compliance measures, ensuring the complete safety and protection of valuable data.

Monitored by Vanta

Personnel Security


At eDist, we prioritize the security of our data, as well as that of our clients and customers. We take measures to grant access only to trusted individuals:

  • We enforce the use of random passwords, two-factor authentication (2FA), and single sign-on (SSO) to enhance security measures.
  • Our organizational policies undergo an annual review process to ensure they remain up-to-date and aligned with current standards and best practices.
  • All contractors and employees of eDist undergo thorough background checks, adhering to local laws and industry best practices.
  • Confidentiality agreements, including Non-Disclosure Agreements (NDAs), are signed by all employees, contractors, and others who require access to sensitive or internal information.
  • We instill a culture of security within our organization by providing employee security training and conducting tests using up-to-date techniques and attack vectors.

Secure Development


eDist follows secure development lifecycle principles for all development projects, including on-premises software products, and support services:

  • Every development effort, whether it involves creating new products, tools, or services, or making significant changes to existing ones, undergoes a design review to ensure that security requirements are integrated into the proposed development.
  • eDist has a formal systems development life cycle (SDLC) methodology in place that governs the development, acquisition, implementation, changes (including emergency changes), and maintenance of information systems and related technology requirements.

Testing


To maintain a robust security posture, eDist conducts regular third-party penetration testing and vulnerability scanning of all production and internet-facing systems:

  • eDist has a documented business continuity/disaster recovery (BC/DR) plan and tests it at least annually.
  • eDist requires changes to software and infrastructure components of the service to be authorized, formally documented, tested, reviewed, and approved prior to being implemented in the production environment.
  • eDist performs penetration testing using both internal security engineers and external penetration testing companies to gain a comprehensive and real-world perspective on our products and environment.

Cloud Security


eDist guarantees maximum security by employing a modern, multi-tenant cloud architecture that ensures complete customer isolation:

  • Leveraging the inherent physical and network security features provided by the cloud service, eDist Cloud relies on the cloud service providers to maintain the infrastructure, services, and physical access policies and procedures.
  • All data is encrypted at rest and during transmission to prevent unauthorized access and data breaches.
  • Our data protection aligns with SOC 2 standards, ensuring encryption of data in transit and at rest, safeguarding customer and company data, as well as sensitive information.
  • We enforce role-based access controls, implement the principles of least privileged access, and regularly review and revoke access as necessary.

Compliance


eDist is dedicated to providing secure products and services for managing billions of digital identities worldwide. We obtain independent assurance through external certifications that validate our commitment to customer protection and effective security practices.

SOC 2 Type 2


eDist successfully completed the AICPA Service Organization Control (SOC) 2 Type II audit. The audit confirms that eDist’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security.

Click here to review the Vanta Trust Report.