A software solution you can trust
We believe protecting your data with the best security features is vital to the Lexop experience. We are committed to ensuring up-to-date security measures are always in place so our customers can have peace of mind.
What is SOC2 compliance?
Service Organization Controls (SOC) for Service Organizations are internal control reports performed by an independent third-party auditor that demonstrate key IT controls are aligned, designed, and applied effectively to its control objectives.
They are based on the American Institute of Certified Public Accountants' (AICPA) existing Trust Services Criteria (TSC) that outline five trust service principles of security, availability, processing integrity, confidentiality, and privacy of customer data as a framework for safeguarding data.
SOC 2 defines the criteria required to maintain robust information security, ensuring we adopt processes relevant to our objectives and operations.
What does Lexop's SOC 2 compliance mean in practice?
1. We regularly monitor for malicious or unexplained activity, document system configuration changes, and check user access levels.
2. We have the infrastructure to recognize threats and alert the appropriate parties so they may take necessary action to protect data and systems from unauthorized access or use.
3. The relevant information on all security incidents is readily available to evaluate the scope, remediate as necessary, and restore data and process integrity.
Operations and features
- Service hosted by PCI-DSS and SOC2 compliant providers (Azure)
- Automated software scanning and vulnerability remediation for any deployed code
- Regular pen-testing and industry-leading security auditing
- In-transit 256-bit HTTPS encryption
- Automated traffic safeguards and monitoring
- Content security policies to restrict any malicious scripting
- Data stored in highly-secured environments
- At-rest AES-256 encryption
- No access to sensitive payment and user information
- SOC2 incident response plan with a dedicated security team
- Highly available and tolerant to outages