<img src="https://ws.zoominfo.com/pixel/UFH1H1ydGvMVOr12BP8x" width="1" height="1" style="display: none;">

Security & Compliance

Your Data Is Safe With Us

Torii's applications and services are designed with security in mind. Clear procedures and automated controls ensure your data remains protected while you stay in control.

Questions about our security measures?

Email our dedicated security team at security@toriihq.com.

torii_security_header2
Infrastructure Security

Cloud Data Storage

Torii leverages Amazon Web Services for hosting and compute power. Amazon maintains and demonstrates SSAE-16 SOC 1, 2 and 3, ISO 27001 and FedRAMP/FISMA reports and certifications. Web servers and databases run on servers in secure data centers.

Torii-SecurityPage-icon-cloud-data-storage
Infrastructure Security

Backups

To maintain a robust disaster recovery strategy, Torii leverages Amazon Aurora automated daily backups which allows us secure backups as well as quick recovery. We test our backup recovery regularly.

Torii-SecurityPage-icon-backups
Infrastructure Security

Encryption

All data stored in the Service is encrypted both in transit and at rest. Database instances, including read replicas and backups, are encrypted using the industry standard AES-256 encryption algorithm. Encryption is enforced via TLS to all data in transit.

Torii-SecurityPage-icon-encryption
Application Security

Authentication

Torii authenticates all users with a unique ID and password. All Torii user passwords are encrypted and salted using Bcrypt. Access to Torii restricted API resources are always authenticated.

Torii-SecurityPage-icon-authentication
Application Security

SAML & MFA

Torii supports SAML 2.0 authentication, allowing customers to implement Single Sign-On (SSO) with their own access policies, including whitelisting and multi-factor authentication (MFA). Customers may also integrate user authentication with their own policy store (e.g., Active Directory).

Torii-SecurityPage-icon-SAMLMFA
Information Security Controls

Confidentiality

All Torii employees and contractors sign confidentiality agreements upon commencing work for Torii.

Torii-SecurityPage-icon-confidentiality
Information Security Controls

Training Programs

Torii employees and contractors are trained upon hire and no less than annually thereafter regarding confidentiality, data security, and data handling practices.

Torii-SecurityPage-icon-training-programs
Information Security Controls

Role-Based Access Controls

Administrative access to our production environment is limited to a restricted number of individuals. Access to additional individuals is given only in extreme circumstances, for a specific purpose, and is limited in duration. Such access to these additional individuals is given only after the explicit approval of the security team. User access is evaluated on a quarterly basis and revoked upon termination.

Torii-SecurityPage-icon-role-based-access
Information Security Controls

Vendor Management
Program

Torii reviews the security and privacy practices of potential vendors to ensure their standards meet or exceed our own.

Torii-SecurityPage-icon-vendor-management
Information Security Controls

Business Continuity and Disaster Recovery

Torii has implemented business continuity and disaster recovery policies designed to secure your data even in the event of a disaster. We review our policies no less than annually.

Torii-SecurityPage-icon-business-continuity-disaster
Information Security Controls

Logging and Monitoring

Torii has implemented monitoring across all components in the architecture. Alerts are generated and sent to relevant stakeholders using internal communications platforms based on predefined rules. The notifications are reviewed and processed based on their level of urgency / priority.

Torii-SecurityPage-icon-logging-monitoring
Information Security Controls

Vulnerability Scanning and Penetration Testing

Torii performs at least one penetration test per year, which is conducted by accredited and completely independent information security companies. Vulnerabilities, if found, are addressed as part of our Risk Management Policy. 

Torii-SecurityPage-icon-vulnerability-scanning-pen
Information Security Controls

Endpoint Scanning

All employees and contractor laptops are equipped with software to scan for malicious threats.

Torii-SecurityPage-icon-endpoint-scanning
Information Security Controls

Annual Third-Party Audits

Torii undergoes annual independent SOC 2, Type II audits for security, availability, and confidentiality.

Torii-SecurityPage-icon-third-party-audits
soc2_logo-15f206efe8f4d3fc9780a97f02a8e169

SOC 2 Type II

Torii is SOC 2 Type II certified, confirming that the product and services Torii provides are mature, robust, and secure, and that we are actively creating an organization that supports these goals.
It also means that our software development processes and practices meet required levels of oversight and monitoring, so that we can proactively monitor, identify and address any unusual activity, remediate it with deep contextual insight, and take corrective action, if and when it is needed.

gdprCompliance_logo-7e7046a4e1d069d06ed6e4cfbdb4a380

GDPR

With customers in nearly every country around the world, we adhere to the General Data Protection Regulation (GDPR) expanding the privacy rights granted to European individuals.
We proactively look at and constantly improve processes related to personal data privacy protection in compliance with legal and contractual obligations for GDPR compliance.

Your Privacy Matters to Us

Torii knows data privacy is important. That’s why we design our products and services with your privacy in mind, and why we are committed to providing you with the information you need about how we handle personal data. Questions about our privacy measures that we didn’t address above? Check out the links below, or email us at privacy@toriihq.com.

PRIVACY NOTICE | COOKIES NOTICE