Security matters.

 

Certified SOC 2 Type 2 Compliant

Customer data is protected using rigorous and closely monitored internal practices. Gradient MSP is certified as SOC 2 Type 2 compliant under the AICPA Service Organization Control framework, targeting the trust services criteria of Security, Privacy, and Confidentiality. Our security policies and standards and our SOC 2 Type 2 compliance status are verified annually through external third-party audits.


Identity and Access Management Standards

Unique system accounts are required to access any of Gradient's supporting infrastructure. User accounts are unique and identifiable to an individual user. Access to privileged accounts on the databases and servers supporting the application is restricted to authorized personnel based on job responsibilities.

Gradient MSP Inc. enforces access to the supporting infrastructure and to production environments through a combination of password and multi-factor authentication mechanisms. Password standards have been established and are enforced globally for all internal and external users.


Gradient Platform Access and Authentication

The Gradient MSP platform is accessible to all approved user organizations and internal users. All client sessions to the platform are encrypted through TLS/HTTPS to ensure security and confidentiality commitments. All sessions are logged and monitored, and firewall rules are reviewed quarterly. Gradient MSP has implemented robust encryption technologies to protect communications and the transmission of data. Confidential data transmitted through Gradient is secured and protected using various access control and encryption technologies. Authentication for Gradient's products is managed through Microsoft SSO or Google SSO, utilizing their underlying MFA policies. Authentication is also available using a secure, expiring one-time access link sent via email (Magic Link).


Hosting Infrastructure and Network Architecture

Gradient MSP's platform is maintained on the Amazon Web Services (AWS) Cloud platform. We rely on the appropriate physical and logical security controls at the corresponding AWS facility to protect equipment and information from unauthorized access. Confidential data transmitted through Gradient is secured and protected using various access control and encryption technologies.

Gradient's applications and cloud storage run on the Amazon Web Services (AWS) cloud computing infrastructure. The AWS cloud infrastructure hosting Gradient's system architecture has been certified to meet the third-party attestations and certifications of SOC 2, ISO 27001, GDPR, HIPAA, and FIPS 140-2. Gradient MSP's applications are hosted within the us-east-2 region, utilizing multiple availability zones to maximize uptime and provide the fastest response time to our partners. The primary database is replicated in real time into secondary and tertiary databases for backup and redundancy purposes.


Penetration Testing & Encryption

Gradient MSP performs annual third-party penetration testing. Cobalt Labs conducts a gray box penetration test of the Gradient Web + API application to assess the risk posture and identify security issues that could negatively affect Gradient MSP's data, systems, or reputation.

These pentests manually assess the security of the application's functionality, business logic, and vulnerabilities. The assessment also includes a review of security controls and requirements listed in the OWASP Application Security Verification Standard (ASVS).

Data transmission is secured using TLS 1.2 SHA-256 with RSA 2048 to encrypt all data transport to and from Gradient's cloud infrastructure.

The complete story.

If you'd like to review a comprehensive list of our security policies and practices, please fill out the form to request a copy of our security statement.

 


 

Download our security statement