- SOC 2 Type I
Customer security is the highest priority to Cypress. To ensure that Cypress provides customers with the highest levels of quality and security of services, Cypress performs audits and maintains SOC2 Type 1 compliance.
- Role-Based Access Control (RBAC)
- GitHub SSO
- Google SSO
- SAML SSO
- Data Encrypted At-Rest
- Data Encrypted In-Transit
All Cypress traffic is transmitted over TLS1.2 encrypted HTTPS with the latest industry-standard ciphers.
- Passwords Encrypted
System passwords are encrypted using AWS KMS with restricted access to specific production systems.
- Incident Response Plan (IRP)
As a part of the Cypress Incident Response policy, the incident response team responds to all security incidents. The incident response team maintains runbooks to facilitate decision making and ensure smooth incident handling. Security incidents are published on the Cypress system status webpage as well as communicated directly to our paid customers.
Availability & Reliability
- Status PageStatus Page
- Employee Background Checks
All new employee hires must pass a background check.
- Employee Security Training
All employees participate in security awareness training. Engineers receive additional security training covering the OWASP Top 10 security issues.
- Limited Employee Access (Principle of Least Privilege)
- Data Backups
- ISO 27001 - Data Center
- PCI-DSS - Data Center
- SOC 2 - Data Center
- NamePurposeLocationData hostingUnited States