Data protection
- Encryption in transit (TLS) and encryption at rest where supported.
- Access controls with least-privilege principles.
- Defined retention and deletion workflows.
Security and Privacy Controls
We operate a security and privacy baseline built for enterprise and big tech expectations: compliance programs, audit-ready evidence, and production workflows.
Operational controls
- Change management records for production-impacting work.
- Incident response playbooks and escalation workflows.
- Periodic access and configuration reviews.
Security control domains
Access and identity
- Least-privilege role assignment for operational workflows.
- Documented onboarding and offboarding procedures.
- Periodic review of privileged access paths.
Infrastructure and data handling
- Encryption in transit and at rest where supported.
- Backup and recovery standards aligned to service criticality.
- Retention and deletion controls based on contractual requirements.
Operational assurance
- Change records for production-impacting updates.
- Incident response runbooks with escalation ownership.
- Evidence traceability for readiness and external audit workflows.
Vulnerability disclosure
To report a vulnerability, contact security@certifyops.com. We investigate reports and coordinate mitigation updates based on severity.
See also Privacy Policy and Terms.