Skip to main content

Security and Privacy

Security is at the heart of what we do. Helping our clients improve their security and compliance starts with our own.

SOC 1 & 2 Type II

Certified

Continuous

Compliance Monitoring

AES-256

Data Encryption

Governance

Governance

Venture360's security team establishes policies and controls, monitors compliance with those controls, and proves our security and compliance to third-party auditors.

01

Access limited to legitimate business need, principle of least privilege

02

Security controls layered per defense-in-depth

03

Controls applied consistently across enterprise

04

Implementation iterative, continuously maturing

Compliance

Venture360 maintains a SOC 1 & 2 Type II attestation. Our SOC 1 & 2 Type II report is available upon request. Venture360 maintains compliance with SOC for Service Organizations.

AICPA SOC for Service Organizations badge

Data Protection

Data at rest

All datastores are encrypted. Sensitive data is protected with field-level encryption to ensure maximum security even in the event of unauthorized access to storage systems.

Data in transit

All data in transit is encrypted using TLS 1.2 or higher. HSTS is enforced across all endpoints. TLS certificates are automatically provisioned and renewed.

Secret management

Application secrets and configuration are managed through secure environment variables scoped to each environment, with access restricted to authorized personnel only.

Security Testing & Verification

Penetration testing

Venture360 commissioned an independent third-party firm to conduct a penetration test of our platform. The assessment did not result in unauthorized access to our systems or data.

Authorization controls

Access control is enforced at the application layer through role-based authorization policies evaluated on every request. Each policy is backed by comprehensive automated test coverage, ensuring least-privilege access is applied consistently and that changes are verified before release.

Conducted by an independent third-party firm
No unauthorized access achieved
Role-based policy evaluated on every request
Comprehensive automated test coverage
Least-privilege access enforced consistently
Changes verified before release

Endpoint Security & Access Management

Endpoint protection

All company devices are continuously monitored for security compliance using Vanta, which verifies that disk encryption, screen lock, operating-system updates, and OS-level malware protection are enabled and current across every device.

Security education

Venture360 provides comprehensive security training to all employees. Every new hire attends a mandatory live onboarding session on key security principles, and all new engineers attend an additional session focused on secure coding practices.

Venture360's security team shares regular threat briefings with employees to inform them of important security and safety-related updates that require special attention or action.

Identity and access management

Venture360 employees authenticate to internal systems using unique, individual credentials, with multi-factor authentication enabled wherever the platform supports it. Access to each system is granted based on role and business need, and is promptly revoked upon an employee's departure.

Vendor security

Venture360 takes a risk-based approach to evaluating vendors. Considerations include:

  • Access to customer and corporate data, integration with production environments
  • Sensitivity of data the vendor can access or process
  • Use of subprocessors and fourth-party dependencies
  • Potential damage to the Venture360 brand

Vendors with access to sensitive data or production environments receive additional scrutiny before adoption.

Questions about our security?

Our security team is happy to discuss our practices and provide additional documentation for your review.

SOC 1 & 2 Type II Certified Continuous Monitoring AES-256 Encryption