- Trust Center: https://trust.artifact.io
- SOC 2
Artifact has been audited and certified to ensure that its systems and practices, and correlated controls, meet the AICPA's SOC 2 Type II requirements.
- Product Security
- Audit Logs
Artifact collects and monitors audit logs and alerts on key events from production systems, applications, databases, servers, message queues, load balancers, and critical services. Logs are securely stored and archived for a minimum of 1 year to assist with potential forensic efforts, and are made available to relevant team members for troubleshooting, auditing, and capacity planning activities.
- Multi-Factor Authentication
Artifact requires the use of multi-factor authentication for access to company email, the version control tool, and cloud infrastructure. When available, multi-factor authentication should be used to enhance the security of access.
- Data Security
- Data Encrypted At-Rest
Artifact requires that data-at-rest be encrypted using strong encryption methods (such as AES-256) and that keys used for encryption are protected to prevent unauthorized disclosure and subsequent fraudulent use. Keys must be rotated based on a number of different criteria such as if the key is compromised or after a specified period of time has elapsed.
- Data Encrypted In-Transit
Artifact uses strong cryptography and security protocols (TLS 1.2+ or a minimally equivalent protocol) to safeguard sensitive data during transmission over open, public networks. Artifact prohibits the transmission of unprotected sensitive data using insecure end-user messaging technologies.
At Artifact, we take your privacy seriously and want to be transparent about our privacy practices. When you use our website or mobile/desktop applications, we may collect certain information about you. This includes personal information, such as your name and contact details, as well as non-personal information like browsing patterns and IP addresses. We use this information to provide you with the products and services you request, to improve our business and services, and to communicate with you about our products, services, offers, and promotions. We also take steps to protect your information from unauthorized access and use.
- Data Removal Requests
Artifact must dispose of customer data within 30 days of a request by a current or former customer or in accordance with the Customer’s agreement(s) with Artifact. Exceptions may apply based on business needs, local situations, laws, and regulations.
- Incident Management & Response
- Incident Response Plan (IRP)
Artifact has a Security Incident Response Plan to provide a systematic incident response process for all Information Security Incidents that affect its information technology systems, network, or data. The plan outlines the steps to be followed in the event of an incident, and Artifact has a Security Response Team consisting of predetermined employees from key departments to manage security incidents.
- Availability & Reliability
- Service Monitoring
Artifact uses service monitoring tools to evaluate the health and performance of its servers and applications by collecting and analyzing data such as server uptime, response times, and resource utilization. This enables Artifact to quickly identify and address issues, minimize downtime, and optimize performance for its customers.
- Organizational Security
- Limited Employee Access (Principle of Least Privilege)
Artifact adheres to the principle of least privilege, which specifies that team members will be given access to only the information and resources necessary to perform their job functions as determined by management or a designee. System access is revoked immediately upon termination or resignation.
- Personnel Screening
All personnel at Artifact are required to complete a background check, which must be reviewed by an authorized member of Artifact in compliance with local laws. This policy applies to all personnel who access or utilize Artifact assets or applications.
- Business Continuity
- Business Continuity Plan
Artifact has a comprehensive Business Continuity and Disaster Recovery Plan in place to safeguard its employees and company assets, ensure the availability of mission-critical services and data, and quickly recover operations in the event of a significant business disaster or disruption. The plan is reviewed and tested annually, and includes measures such as remote work capabilities, backup and retention procedures, alternate communication methods, and three stages of response and recovery.
- Disaster Recovery Plan
Artifact has a Disaster Recovery Plan in place to respond to disasters that may affect its business operations. The plan involves a three-stage process, including the disaster stage where senior management declares a disaster and emergency response measures are initiated, the response stage where the impact of the disaster is assessed and essential services are restored, and the recovery stage where the primary facility is re-established. The plan is reviewed and tested annually and includes measures such as alternate physical locations for employees, reliance on third-party services, backup and retention procedures, and communication methods.
- Threat Management
- Penetration Testing
Artifact conducts periodic penetration testing to identify vulnerabilities in its systems and applications. The testing is performed by an authorized and independent third party and is governed by a set of rules and procedures to minimize any impact on the production environment.
- Vulnerability Scanning
Artifact conducts risk assessments to identify and evaluate potential threats and vulnerabilities to its systems, applications, infrastructure, and data. The risk assessment process is coordinated by Nathan Sanders, and any critical or high risks identified will be mitigated with action plans that consider contractual agreements, laws, regulations, and standards.