Our operations are designed with security in mind, from our handling of sensitive customer data, such as vulnerabilities, to our code release, upgrade, patch management, and operational security practices. These practices incorporate relevant security, policy, and evaluation frameworks such as OWASP, ISO 27001, and the NIST 800 series, along with other best practices and meaningful standards.
We are hosted across multiple, independent PCI DSS Level 1 and ISO 27001-certified, SSAE 16-audited service providers with strong physical security (and no public datacenter access) such as Amazon Web Services.
Multi-factor: Our SaaS platform provides multi-factor authentication capabilities to our clients as an enhanced security measure. Single sign-on (SSO) integration with enterprise identity providers is available via SAML 2.0.
ISO 27001 is the international standard that describes best practice for an information security management system (ISMS), a systematic approach to managing confidential information so that it remains secure.
Synack complies with the U.S.-E.U. and U.S.-Swiss Privacy Shield frameworks as set forth by the U.S. Department of Commerce (the “Privacy Shield”) regarding the collection, use, and retention of personal data (as defined by the Privacy Shield) from the European Union and Switzerland. To learn more about the Privacy Shield principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement, please visit https://www.privacyshield.gov/welcome.
See our Privacy Shield certification by clicking here.
To report a security vulnerability, please visit synack.responsibledisclosure.com.
A successful submission may result in an invitation to join the Synack Red Team.