SECURITY FAQ
-
What is The Picus Trust Center?
The Picus Trust Center is a centralized resource created to inform you about our corporate policies and practices, legal information, and materials that explain how Picus Security complies with security and privacy fundamentals.
-
Which standards, regulations and best practices is Picus compliant with?
Picus holds ISO/IEC 27001:2013, ISO/IEC 22301:2019 and ISO/IEC 20000-1:2018 certificates and AICPA SOC 2 Type 1 & 2 reports.
-
How do I request a copy of Picus’ SOC 2 reports?
You can submit your request here.
-
Does Picus have a documented, approved, and communicated information security policy?
Picus has ISO/IEC 27001:2013 certification and conducts its processes within an Information Security Management System under this international standard. The Information Security Policy is approved by Picus’ Senior Management team and announced to employees and relevant external parties.
-
What security measures does Picus implement to secure my personal data?
Picus is committed to maintaining the privacy, security and transparency of your personal information. It implements appropriate technical and organizational measures to ensure the confidentiality, availability, integrity and safety of your personal data. All user-related data collection processes have privacy at the center by design and by default.
Our security measures include data encryption at rest and in transit, authentication and authorization controls, web application firewalls, protection against malicious software and periodic backups.
To learn about our corporate security practices in detail, please click here.
-
Does Picus conduct third party risk assessments?
Yes, Picus conducts third-party risk assessments on a regular basis and continuously monitors the third parties which provide critical services to the business. It should be noted that no third-party vendors have system administration level privileges to Picus services.
-
Does Picus process my personal data?
Picus processes very limited personal data within its business purpose.
Personal data processed within Picus products are as follows:
- Identity information: Customer name and surname, company name
- Contact information: Email address, country
- Technical Data: Login time, Device-OS-Browser Information, IP address, etc.
Please note that the purpose of processing the mentioned technical data is to analyze trends, improve customer satisfaction and the performance of the platform.
For the personal data collected by the use of our Website and other services, please refer to our Privacy Policy and Cookie Policy.
-
How does Picus protect my personal data?
The data hosted on the Picus Platform is encrypted using the industry-standard AES 256 algorithm. Each customer's data in production is isolated in database and data storage buckets. In addition, all the corporate security practices implemented reflect the high significance Picus attaches to data protection and user privacy.
-
Where does Picus store my personal data?
Picus products are hosted in AWS by default and all data stored at rest is encrypted with the AES 256 algorithm.
-
How long does Picus retain my personal data?
Picus retains your personal data only for the period necessary to provide its services, fulfill its business purposes, or comply with legal and regulatory retention requirements. In this context, if there is no reason to retain relevant personal data, it is permanently deleted.
-
How can I submit a Data Subject Access Request regarding my personal data under privacy regulations such as GDPR, CCPA or KVKK?
You can click here to submit your request.
-
How will I be notified in case of a data breach affecting my resources?
Picus’ Customer Success and Technical Assistance Center (TAC) teams have communication channels with our customers for providing support and highlighting urgent issues. In the event of a data breach, our customers and any affected parties will be informed, and the necessary actions will be taken in response.
-
Is Picus customer data encrypted in transit and at rest?
Customer data at rest is encrypted using the industry-standard AES 256 algorithm. For data in transit, Picus supports the use of TLS 1.2 protocols, AES 256 encryption, and SHA2 signatures, whenever supported by the clients.
-
Does Picus use sub-processors and/or cloud vendors?
In terms of its infrastructure and business processes, Picus obtains cloud services from various vendors. All cloud services are obtained under Non-Disclosure Agreements and/or Confidentiality Agreements. Picus does not share its customer data with its vendors. In addition, under third-party risk management processes, Picus monitors its vendors through audits, reviews of their standardized assessment reports, certifications, or other appropriate processes in order to confirm they are meeting their contractual obligations and applicable legal requirements.
-
How do I submit a Voluntary Disclosure Program (VDP) application?
Please click here to submit a vulnerability.
-
How can I contact Picus?
For questions, comments or feedback related to security, privacy and compliance, please contact us at security@picussecurity.com.