Committed to Keeping You Secure

Businesses say they take your security seriously. We can prove it. Tugboat Logic is the only security assurance company that’s compliant with SOC 2 Type 2 and ISO 27001:2013 security standards.

Committed to Keeping You Secure

Security Assurance

We’re in the Business of Building Trust

We want to provide you with security assurance and demonstrate that you can trust us. That’s why we’re transparent about our InfoSec program. See for yourself whether we practice what we preach by requesting a copy of our security assurance report.

Read Report
We’re in the Business of Building Trust

Attestations and Certifications

Tugboat Logic is regularly audited by third-party organizations to ensure we’re compliant with some of the industry’s most rigorous security standards and privacy regulations.

SOC 2 Type 2

Tugboat Logic’s SOC 2 Type 2 report validates our security, availability and confidentiality controls.
Get in touch to read our report.

ISO/IEC 27001:2013

Tugboat Logic’s information security management system meets the requirements of the ISO 27001 standard.
Read our certificate.

Tugboat Logic Attestation Certificate

Tugboat Logic is compliant with the Tugboat Logic Attestation Certificate.
Read our certificate.

GDPR

Tugboat Logic is compliant with the GDPR.

CCPA

Tugboat Logic is compliant with the CCPA.

Associations and Memberships

IAPP logo

Security

Our Security Operations

We maintain a security and compliance program that reflects—and exceeds industry standards. When it comes to your privacy and security, there’s no such thing as being too careful.

Security and Risk Management Team

Tugboat Logic has specialists dedicated to ensuring our products, infrastructure and operations are always secure.

Security Awareness Training

Employees must complete annual security awareness training to demonstrate they understand industry best practices.

Security Culture

People are the weakest link in any organization. Our policies and procedures empower us to put security first every day, without exception.

Access Management

User access is restricted by need. Access review is performed regularly to make sure members of our team have the right permissions. All systems are centrally managed by endpoint-management software that enforces security configurations, encryption, security updates and protection.

Two-Factor Authentication

Unique user IDs, strong passwords and two-factor authentication are required to access our resources, like applications and infrastructure.

Data Encryption

Tugboat Logic offers end-to-end data encryption. We use our cloud provider’s key management services for encryption and secure key management.

Data Hosting

We’re a multi-tenant application hosted on Amazon Web Services. All customers receive their own platform tenant, where data is inaccessible to other tenants.

Vendor Risk Assessment

We regularly review third-party vendors and suppliers to verify that they comply with our policies and controls.

Penetration Testing

We conduct external penetration tests annually and vulnerability assessments every quarter. If issues are identified, they’re classified according to risk, analyzed and mitigated.

Security Infrastructure

Our infrastructure is built to protect your data with different control mechanisms.

Tugboat Logic is a SaaS-multi-tenant client-server application hosted on Amazon Web Services. All customers receive their own tenant of the Tugboat Logic Security Assurance Platform and their data is encrypted and logically separated. It is not accessible to other tenants to prevent unauthorized access. Client data locations and data flows are outlined in the diagram below.

TBL-Infrastructure-Diagram

The application runs on an EC2 instance and the database supporting the application utilizes AWS RDS. A firewall is in place restricting public access to the application via required ports. AWS S3 is used to store user uploaded files.

Want to Learn More?

Transparency and trust are central to what we do at Tugboat Logic. For more information on how we manage security, privacy and compliance, please see our privacy policy below or feel free to contact us.

Privacy Policy Contact Us