Security Statement

Effective as of November 2019.

Strigo is committed to the security of your data. We use a variety of industry-standard security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. You also have several security controls available within Strigo.

Overview

To protect your information, data is:

  • Transmitted via HTTPS and WSS.
  • Accessed through the password-protected Strigo website or via APIs that require token authentication.
  • Stored in an ISO 27001 and FISMA certified data center.

Access Control

Users can access the Strigo application by visiting https://app.strigo.io via a web browser. All data is sent via HTTPS. Website access is available via username and password authentication or by SSO.

Strigo uses an industry-standard, encrypted token for session-level authentication. Strigo user passwords are stored in an industry-standard, encrypted hash format. Strigo enforces an automatic session timeout after a fixed period of inactivity.

Customers can access only the data for their own organization. Organizations can grant access to users by inviting them into Strigo.

Strigo Employee Access

Strigo personnel access customer data only on a need-to-know basis for support purposes. All support personnel has signed Non-Disclosure Agreements, and no changes are ever made to an account without prior approval from the customer.

Access of Strigo personnel to sensitive internal services is governed by a 2FA policy.

Software Development Lifecycle

of automated tests, a process of automatic vulnerability analysis, and are then manually reviewed. When code changes pass the automated processes, the changes are first pushed to staging servers wherein Strigo employees test the changes before an eventual push to the production servers and to the customer base. A specific security review is also added for particularly sensitive changes.

Scalability/Reliability of Architecture

Strigo data centers are hosted on Amazon Web Services (AWS). The IT infrastructure that AWS provides is designed and managed in alignment with security best practices, including the following IT security standards:

  • SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70)
  • SOC 2
  • SOC 3
  • FISMA, DIACAP, and FedRAMP
  • DOD CSM Levels 1-5
  • PCI DSS Level 1
  • ISO 9001 / ISO 27001
  • ITAR
  • FIPS 140-2
  • MTCS Level 3

Physical access to the data centers is strictly controlled both at the perimeter and at building ingress points by professional security staff, using video surveillance, state of the art intrusion detection systems, biometric locks, and other electronic means.

Data stored in Strigo’s database is encrypted at rest.

For more information, refer to the AWS Security White Paper.

The database is replicated synchronously so that we can quickly recover from a database failure. As an extra precaution, we take regular snapshots of the database so that we can restore them as needed.

Availability

We are committed to making Strigo consistently available to you. Our systems are constantly monitored to keep your work uninterrupted. You can always monitor our availability on our status page.

Want to report a security concern?

Email us at security@strigo.io.