Security Program Overview
Copia Automation is dedicated to providing best-in-class security for our customers. We understand that the files stored with us represents important IP, oftentimes critical infrastructure or production processes. As such, we utilize a secure-by-design methodology to create a strong foundation that's reinforced with defense in depth.
Here are some highlights of our security program:
- Compliance. We are SOC 2, Type 2 and SOC 3 compliant.
- Access Controls. We offer our clients the ability to use Single Sign-On (SSO) and/or Multi-Factor Authentication (MFA).
- Encryption. We encrypt all data-at-rest and data-in-transit, as well as backups, by leveraging AWS's cloud solutions.
- Backup & Recovery. Copia's designed to consistency achieve 99.7% availability with a 1 hour Recovery Time Objective (RTO) and Recovery Point Objective (RPO). Backups are testing on an annual basis.
- Auditing. We have Security Information & Event Management (SIEM) to monitor logs from various Copia systems to detect suspicious activity and enable timely response.
- Third-Party Penetration Testing. We perform annual third-party penetration testing on our web applications and API endpoints.
Resources
SOC 2 Type 2
A SOC 2 Type 2 Report is a Service Organization Control (SOC) audit on how a cloud-based service provider handles sensitive information. It covers both the suitability of a company's controls and its operating effectiveness
SOC 3
A System and Organization Controls 3 (SOC 3) report outlines information related to a service organization's internal controls for security, availability, processing integrity, confidentiality and privacy.
Penetration Tests
Copia's annual third-party penetration test results
Copia Policies
Copia's corporate security policies
Monitoring
Subprocessors
Amazon Web Services
AWS serves as our primary cloud hosting solution. It provides secure, scalable infrastructure for storing, processing, and managing customer data.
Datadog
Datadog is a monitoring and analytics platform. It helps us oversee system performance and troubleshoot issues, ensuring a secure and efficient processing environment.
GitHub
GitHub is our code repository platform. It stores and manages the source code for our applications, including versions and change history, helping to track and audit changes.
Cloudflare
Cloudflare serves as our web performance and security platform. It provides DDoS protection, SSL encryption, and content delivery, safeguarding our web applications and data.
Slack
Slack is our internal communication tool. It facilitates real-time messaging and document sharing among team members, aiding in efficient and compliant data sharing practices.
Google Workspace
oogle Workspace serves as our e-mail and document storage provider. It offers secure, cloud-based platforms like Gmail and Google Drive, enabling efficient communication and document management in compliance with data regulations.
WorkOS
WorkOS serves as our solution that enables Copia to provide SSO for our customers
HEX
Data visualization solution for product usage metrics
Clickup
Clickup serves as Copia's ticket management system