Redfish Labs, Inc. dba Torch Leadership Labs
Redfish Labs, Inc. dba Everwise

Information Security

Last Updated on December 09, 2021

 

Security Statement

At Torch, we value our customers’ privacy and security and pledge to continuously improve our posture and effectiveness in this regard. Our approach to security is designed to protect both our customers and their end-users from malicious attacks and unauthorized access to data. We are committed to providing a highly secure and reliable cloud environment. Our information security program is based on industry-recognized standards such as SOC2, CIS, PrivacyShield, GDPR, OWASP, and 12Factor.

 

Private Cloud

Torch provides a highly resilient cloud infrastructure using AWS as a cloud provider. Our infrastructure is deployed in multiple availability zones to ensure 99.5% uptime. We have daily automatic backups that are configured for cross-region replication. Our customers can rest assured that in the event of any disaster, their data will be available.

Security of AWS infrastructure is an inherited control from the shared responsibility model between Torch and AWS. AWS infrastructure in the US East and US West regions implements strict standards that meet NIST 800-53 / FedRAMP standards.

AWS Shared Responsibility Model
AWS NIST 800-53

 

Encryption Standards

Torch employs encryption at all levels of our technology stack:

  • All web access to our system uses modern, up-to-date SSL and TLS encryption methods.

  • All intra-system messaging uses SSH and SCP encryption methods.

  • All archives and backups are protected using 256-bit encryption.

  • Access and encryption keys are managed under strict access controls and are refreshed on a scheduled basis.

  • All data in transit and at rest are encrypted using up-to-date encryption methods.

 

Infrastructure Security

Torch defines production infrastructure as the network, cloud computing instances, containers, and databases, including other smaller services that support, run, or secure our platform. We have designed and implemented controls for every layer of our infrastructure. In summary:

  • DDoS Protection

  • Intelligent threat detection and protection

  • Web traffic filtering

  • Centralized management of all cloud infrastructure accounts and resources

  • Automated, continuous, security checks against best practices

  • Daily encrypted database backups, configured for cross-regional replication

  • Automated vulnerability scans

  • Comprehensive and centralized logging across all AWS accounts and resources

 

Application Security

Torch employs best practices for SaaS development. Our platform is designed with the 12 Factors of SaaS Development in conjunction with the OWASP Top 10. Our CI/CD pipeline includes automated and continuous static code analysis, dynamic code analysis, peer review, and a change control process.

12Factor
OWASP Top 10

 

Continuous Improvement

Torch will continue to improve our processes, procedures, and policies to maintain our customers’ privacy and security. To support these efforts, we conduct third-party penetration tests and third-party audits by industry leaders.

SOC2: TBD
SOC3: TBD
3rd Party Penetration Test: TBD (requires NDA or signed MSA)

 

Questions? 

Contact