Meets the highest industry standards.
SOC 2 Type II Certified
This is the most comprehensive independent assessment confirming that our system is designed to keep our customers’ sensitive data secure. It is based on the AICPA’s Trust Services Criteria and is issued annually in accordance with the AICPA’s AT Section 101 (Attest Engagements).
Doublefin contracts with third-party expert firms to conduct independent internal and external network, system, and application vulnerability assessments on a recurring basis. This includes, but is not limited to, the OWASP Top 10.
Cyber risk assessment
CyberGRX conducts cyber risk assessments to measure the overall maturity of Doublefin’s security program and the existence of controls and subcontrols. The assessment provides a detailed account of the organization’s security maturity and the completeness of control and subcontrol implementation.
Serious about security.
By default, Doublefin encrypts data at rest and in transit. We provide tools that give you further visibility and control, including fine-grained access controls and audit logs.
Securing your information starts with identity controls. Doublefin allows you to manage users, streamline authentication using your identity provider, and assign roles and permissions so that only the right people can access your company’s information.
Employees receive ongoing security, privacy, and compliance training from the moment they start. Only authorized employees have access to our production infrastructure. Access to customer data is limited to authorized employees only on an as-needed basis to provide support and troubleshooting on the customer’s behalf.
To protect against loss, Doublefin runs regular automatic backups of your data that are encrypted and stored securely. We support both point-in-time recovery and full restore. We can quickly spin up a new copy in another data center in case of a disaster.