Beyond PCI

Security

How we protect your data

Our Commitment

As a PCI compliance provider, security is fundamental to everything we do. We implement rigorous security measures to protect your data and maintain the integrity of our scanning infrastructure.

Infrastructure Security

Cloud Infrastructure

  • Hosted on Google Cloud Platform with SOC 2 Type II certification
  • Geographically distributed infrastructure for redundancy
  • Network isolation and firewall protection
  • DDoS mitigation and traffic filtering

Access Controls

  • Role-based access control (RBAC) for all systems
  • Multi-factor authentication required for all staff
  • Principle of least privilege enforced
  • Regular access reviews and audits

Data Protection

Encryption

  • TLS 1.3 for all data in transit
  • AES-256 encryption for data at rest
  • Secure key management with hardware security modules

Data Handling

  • Scan results stored in isolated, encrypted databases
  • Automatic data retention policies
  • Secure deletion when data is no longer needed
  • No storage of payment card data

Application Security

  • Secure development lifecycle (SDLC) practices
  • Regular code reviews and security testing
  • Dependency scanning and vulnerability management
  • Web application firewall (WAF) protection
  • Rate limiting and abuse prevention

Monitoring & Response

  • 24/7 security monitoring and alerting
  • Centralized logging and audit trails
  • Incident response procedures and playbooks
  • Regular security drills and tabletop exercises

Compliance

We maintain compliance with industry standards including:

  • PCI DSS as an Approved Scanning Vendor (ASV)
  • SOC 2 Type II
  • GDPR data protection requirements

Employee Security

  • Background checks for all employees
  • Security awareness training
  • Confidentiality agreements
  • Clean desk and device policies

Vulnerability Disclosure

We welcome responsible disclosure of security vulnerabilities. If you discover a security issue, please report it to:

support@beyondpci.com

We commit to acknowledging reports within 24 hours and working with researchers to address issues promptly.

Questions

For security-related inquiries or to request our security documentation, contact:

support@beyondpci.com

Beyond PCI × Zentact

Automated PCI DSS compliance scanning.

© Beyond PCI. All rights reserved.