Pactum | Trust Center
Welcome to Pactum Trust Center. Pactum is committed to ensuring the confidentiality, integrity, and availability of your data. We have an Information Security Program in place that is communicated throughout the organization. Our Information Security Program follows the criteria set forth by the SOC 2 Framework. SOC 2 is a widely known information security auditing procedure created by the American Institute of Certified Public Accountants.
Frequently Asked Questions

Quick Summary

Third-Party audits
Third-Party penetration testing
Security awareness training
Qualys SSL Labs security grade A+
Vendor risk management
Disaster recovery plan
Responsible disclosure program
Privacy policy
Quarterly access reviews
Cloud infrastructure security
Centralized IAM solution to manage employee access
Uptime statistics

Resources

Information Security Policy

Data Retention and Disposal Policy

Change Management Policy

Risk Assessment and Treatment Policy

Business Continuity and Disaster Recovery Plan

SOC 2 Type 2 Report 2024

Penetration Test Report 2024

Information on the General Conditions of the AI Service at Pactum

Large Language Models at Pactum

Customer Data Usage at Pactum


Compliance

Monitoring

Continuously monitored by Secureframe

FAQs

The service is hosted in Google Cloud Platform (GCP) data centers located in the US or the EU. GCP maintains a robust security program with multiple certifications. For more information on our provider's security processes, please visit the GCP Security page: https://cloud.google.com/security
All data in transit and at rest is encrypted using industry standard solutions (TLS 1.2 or above, AES-256).
Pactum supports several SSO integrations. SAML is the preferred option because it offers more robust security and tighter control over user sessions than comparable integrations.
We have a BCDR policy which is reviewed and tested annually.
We have a mandatory security training program in place for all employees upon joining, and it is required to be retaken annually.
We run continuous vulnerability checks. SAST and DAST scans are run periodically, and third-party penetration tests are conducted.
We retain the data for the duration of the agreement unless there are legal or regulatory requirements to retain some data for longer.
We ensure that third-party vendors and subcontractors go through our formal vendor management process. All new vendors and subcontractors are subjected to our information security and data privacy risk assessments. Moreover, we conduct an annual review of all vendors and subcontractors who process customer data.
Yes, secure coding practices are integrated into our Secure Software Development Lifecycle (SSDLC). Our engineers define security requirements at the early stages of the SSDLC and then assess compliance with those requirements. They are also tasked with reviewing the OWASP Top 10 web application security risks.

Monitoring

Availability

Business Continuity and Disaster Recovery Policy
The Business Continuity and Disaster Recovery Policy governs the processes required to restore the service or its supporting infrastructure after a disaster or disruption.

Confidentiality

Data Classification Policy
A Data Classification Policy details the security and handling protocols for sensitive data.
Data Retention and Disposal Policy
A Data Retention and Disposal Policy specifies how customer data is to be retained and disposed of based on compliance requirements and contractual obligations.

Vulnerability Management

Vulnerability and Patch Management Policy
A Vulnerability and Patch Management Policy outlines the processes for responding efficiently to identified vulnerabilities.

Incident Response

Incident Response Plan
An Incident Response Plan outlines the process of identifying, prioritizing, communicating, assigning and tracking confirmed incidents through to resolution.

Network Security

Network Security Policy
A Network Security Policy identifies the requirements for protecting information and systems within and across networks.

Access Security

Encryption and Key Management Policy
An Encryption and Key Management Policy supports the secure encryption and decryption of app secrets, and governs the use of cryptographic controls.
Access Control and Termination Policy
An Access Control and Termination Policy governs authentication and access to applicable systems, data, and networks.
Access to Product is Restricted
Non-console access to production infrastructure is restricted to users with a unique SSH key or access key.