Data Security and SOC 2 Compliance
At Prialto, we recognize the importance of confidentiality and enterprise-level security to keep your data secure and meet your compliance requirements. We have infused a comprehensive security infrastructure into Prialto’s service platform to ensure that client information is held in strict confidence, supported by stringent protocols and practices.
Prialto currently uses Drata to help automate the compliance journey, which will ultimately provide dashboard visibility for customers regarding compliance. We use Microsoft Intune/Defender for endpoint management and SumoLogic as our SIEM (security info and event management).
In December 2024 Prialto achieved SOC 2 Type 1 compliance, the main cybersecurity compliance framework (trust services criteria) developed to ensure that third-party service providers store and process client data in a secure manner.
We partnered with a professional third-party auditor, AssuranceLab, to audit systems against more than 80 requirements. The SOC 2 Type 2 compliance audit cycle is currently underway with expected completion by 2025.
Our human security systems include:
- Background Checks: Prialto conducts criminal, credit, and employment background checks on all employees.
- Security Policy: Prialto's security policy (available upon request) includes process guidelines, ethical (“Chinese”) walls, and a process for escalating any security issues immediately. Prialto reviews any incident immediately and this policy overall on a quarterly basis.
- Confidentiality Agreements: Each employee executes nondisclosure agreements directly with Prialto.
- Management: Prialto managers are trained to monitor / coach teammates on proper security procedures.
- Ongoing Training: Prialto ensures each employee is sensitized to client security needs and trained in how to meet those needs. This includes phishing testing and training to provide real-world examples of how to identify threats.
Our information security systems include:
- Endpoint Management: Devices connected to Prialto and client networks are kept up to date with security software and hardware, including tight controls on files and data. Devices are monitored to detect and respond to threats, including ransomware and malware.
- Single Sign-On: Session and end-user authentication.
- Password Management: Prialto has a secure password management infrastructure that secures all logins. Access is based on single sign-on to each employee’s primary account.
- Cloud Security: All core applications are industry-leading, cloud-based platforms based in US data centers with complete backup and redundancy.
- IP Restrictions: Prialto leverages IP login restrictions to limit access to known IP addresses.
Our physical security systems include:
- Security Cards: Our team has key secure key cards / ID cards to access the buildings and/or specific office space.
- Security Guards/Alarms: All international locations have security alarms and guards appropriate to their environments.
- Video Monitoring: Video monitoring is in place to provide an additional layer of security.
- Biometrics: To verify employee identities.
Note: Many employees do work from home on a regular or hybrid basis. Data integrity is maintained with multi-factor authentication on all applications as well as additional security measures.
Read More: What to Know About Virtual Assistant Security Risks