Information Security - Trust Report

ELJUN LLC has partnered with VANTA to provide a living Trust Report, which details real-time policy, process, and technical compliance for our information security frameworks. You can view this information by using this link: Trust Report

 
 

Governance

ELJUN LLC’s Security and Privacy teams establish policies and controls, monitor compliance with those controls, and prove our security and compliance to third-party auditors. Our policies are based on the following foundational principles:

  1. Access should be limited to only those with a legitimate business need and granted based on the principle of least privilege.

  2. Security controls should be implemented and layered according to the principle of defense-in-depth.

  3. Security controls should be applied consistently across all areas of the enterprise.

  4. The implementation of controls should be iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.

Data at Rest

ELJUN LLC maintains compliance with Data protection best practices, including keeping all data at rest encrpyted. All datastores with customer data, in addition to S3 buckets, are encrypted at rest. Sensitive collections and tables also use row-level encryption. This means the data is encrypted even before it hits the database so that neither physical access, nor logical access to the database, is enough to read the most sensitive information.

Data in transit

ELJUN LLC uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. We also use features such as HSTS (HTTP Strict Transport Security) to maximize the security of our data in transit.

Product security

Penetration testing ELJUN LLC engages with one of the best penetration testing consulting firms in the industry at least annually. Our current preferred penetration testing partner is Kobalt. All areas of the ELJUN LLC product and cloud infrastructure are in-scope for these assessments, and source code is fully available to the testers in order to maximize the effectiveness and coverage.

Security and Compliance at ELJUN LLC

ELJUN LLC maintains a rigorours information security and data protection program, including SOC2 Type 1 and SOC2 Type 2. For additional details, please contact our team with questions at contact@eljunllc.com.