Redfish Labs, Inc. dba Torch Leadership Labs
Redfish Labs, Inc. dba Everwise
Last Updated on December 09, 2021
At Torch, we value our customers’ privacy and security and pledge to continuously improve our posture and effectiveness in this regard. Our approach to security is designed to protect both our customers and their end-users from malicious attacks and unauthorized access to data. We are committed to providing a highly secure and reliable cloud environment. Our information security program is based on industry-recognized standards such as SOC 2, CIS, Privacy Shield, GDPR, OWASP, and 12-Factor.
Torch provides a highly resilient cloud infrastructure using AWS as a cloud provider. Our infrastructure is deployed in multiple availability zones to ensure 99.5% uptime. We have daily automatic backups that are configured for cross-region replication. Our customers can rest assured that in the event of any disaster, their data will be available.
Security of the AWS infrastructure is an inherited control under the shared responsibility model between Torch and AWS. AWS infrastructure in the US East and US West regions implements strict standards that meet NIST 800-53 / FedRAMP requirements.
Torch employs encryption at all levels of our technology stack:
All web access to our system uses modern, up-to-date SSL and TLS encryption methods.
All intra-system messaging uses SSH and SCP encryption methods.
All archives and backups are protected using 256-bit encryption.
Access and encryption keys are managed under strict access controls and are refreshed on a scheduled basis.
All data in transit and at rest are encrypted using up-to-date encryption methods.
Torch defines production infrastructure as the network, cloud computing instances, containers, and databases, including other smaller services that support, run, or secure our platform. We have implemented controls at every layer of our infrastructure. In summary:
Intelligent threat detection and protection
Web traffic filtering
Centralized management of all cloud infrastructure accounts and resources
Automated, continuous security checks against best practices
Daily encrypted database backups, configured for cross-regional replication
Automated vulnerability scans
Comprehensive and centralized logging across all AWS accounts and resources
Torch employs best practices for SaaS development. Our platform is designed with the 12 Factors of SaaS development in conjunction with the OWASP Top 10. Our CI/CD pipeline includes automated and continuous static code analysis, dynamic code analysis, peer review, and a change control process.
Torch will continue to improve our processes, procedures, and policies to maintain our customers’ privacy and security. To support these efforts we conduct third-party penetration tests and third-party audits from industry leaders.
3rd Party Penetration Test: TBD (requires NDA or signed MSA)