Committed to Keeping You Secure
Businesses say they take your security seriously. We can prove it. Tugboat Logic is the only security assurance company that’s compliant with SOC 2 Type 2 and ISO 27001:2013 security standards.
We’re in the Business of Building Trust
We want to provide you with security assurance and demonstrate that you can trust us. That’s why we’re transparent about our InfoSec program. See for yourself whether we practice what we preach by requesting a copy of our security assurance report.
Attestations and Certifications
SOC 2 Type 2
Tugboat Logic’s SOC 2 Type 2 report validates our security, availability and confidentiality controls.
Get in touch to read our report.
Tugboat Logic’s information security management system meets the requirements of the ISO 27001 standard.
Read our certificate.
Tugboat Logic Attestation Certificate
Tugboat Logic is compliant with the Tugboat Logic Attestation Certificate.
Read our certificate.
Tugboat Logic is compliant with the GDPR.
Tugboat Logic is compliant with the CCPA.
Associations and Memberships
Our Security Operations
We maintain a security and compliance program that reflects, and exceeds, industry standards. When it comes to your privacy and security, there’s no such thing as being too careful.
Security and Risk Management Team
Tugboat Logic has specialists dedicated to ensuring our products, infrastructure and operations are always secure.
Security Awareness Training
Employees must complete annual security awareness training to demonstrate they understand industry best practices.
People are the weakest link in any organization. Our policies and procedures empower us to put security first every day, without exception.
User access is restricted by need. Access reviews are performed regularly to make sure members of our team have the right permissions. All systems are centrally managed by endpoint-management software that enforces security configurations, encryption, security updates and protection.
Unique user IDs, strong passwords and two-factor authentication are required to access our resources, such as applications and infrastructure.
Tugboat Logic offers end-to-end data encryption. We use our cloud provider’s key management services for encryption and secure key management.
We’re a multi-tenant application hosted on Amazon Web Services. All customers receive their own platform tenant, where data is inaccessible to other tenants.
Vendor Risk Assessment
We regularly review third-party vendors and suppliers to verify that they comply with our policies and controls.
We conduct external penetration tests annually and vulnerability assessments every quarter. If issues are identified, they’re classified according to risk, analyzed and mitigated.
Our infrastructure is built to protect your data with different control mechanisms.
Tugboat Logic is a multi-tenant SaaS client-server application hosted on Amazon Web Services. All customers receive their own tenant of the Tugboat Logic Security Assurance Platform, and their data is encrypted and logically separated. To prevent unauthorized access, a tenant's data is not accessible to other tenants. Client data locations and data flows are outlined in the diagram below.
The application runs on an EC2 instance, and the database supporting the application uses AWS RDS. A firewall restricts public access to the application to the required ports. AWS S3 is used to store user-uploaded files.