High-Level Security

Enterprise-Grade Security for Your Data

Copado protects your data with an ironclad security framework, internal and external audits, penetration testing and a team of cybersecurity experts. Discover our enterprise-grade security policies, procedures and controls.

Our Certifications

Control Environment

  • Copado maintains ISO 27001 and SOC 2 Type 1 certification and attestation examinations, performed annually by an independent audit firm
  • Copado has attained FedRAMP In-Process status and is expecting ATO later this year

Physical Security

Our cloud data centers have the highest standards for data privacy and security. Controls are in place at the perimeter, infrastructure, and environmental layers to ensure strong physical protection, and are audited regularly to ensure they comply with various security certifications and standards. In addition, Copado reviews these security certifications annually to ensure standards are properly maintained.

Application and Network Security

  • All software releases and new features are reviewed and tested before release, according to our change management procedures
  • Our testing and staging environments are separate from production environments, and no actual customer data is ever used for testing
  • We run automated vulnerability scans at regular intervals, and findings are addressed according to our vulnerability management process
  • A third-party auditor performs annual penetration testing
  • Automated monitoring, logging, and system alerts are in place
  • We control system access on a role-based, least-privilege basis (including granting and revoking access), and formally review all admins and users quarterly

Encryption

Customer data is encrypted in transit and at rest, and within our databases.

Availability

  • We perform regular backups of data, and backup testing is performed annually
  • We maintain documented incident response and disaster recovery policies and procedures, and testing as well as team training is performed annually
  • We undergo annual third-party penetration testing
  • We have a dedicated Security Compliance team that implements and monitors our security framework and controls
  • The Copado security framework consists of policies, procedures and controls that align to ISO 27001, SOC 2, FedRAMP and GDPR requirements
  • We utilize third-party, cloud-based data centers, which maintain network architecture and data layer controls that meet the requirements of the most security-sensitive organizations. The data centers have several security-related certifications, including ISO 27001, SOC 2, FedRAMP, HIPAA, NIST, and several others
  • Our employees attend security awareness training upon hire and annually, and are required to adhere to our code of conduct
  • Annual risk assessments are performed to ensure we are addressing current as well as emerging risks
  • We follow change management procedures for all changes to the organization and the Copado platform

Downloadable Reports

SOC 2 Type 1 Report

Restricted use report that describes the systems and security and confidentiality controls that are in place to protect data.

ISO 27001 Certificate

Certificate that was obtained through a third-party audit against the international security standard relating to managing information security.

Get Better Security

For anonymous Security or Privacy comments, questions or complaints, you may call our toll-free telephone number: 1-(888) 210-4282

For any other questions, contact us here.