Gridium security practices

Gridium takes the security of our customers’ data seriously. Our security procedures follow industry-standard best practices to ensure the integrity of the sensitive information with which we are entrusted.

As part of our commitment to data safety and security, we undergo an annual SOC 2 Type II audit, in accordance with the American Institute of Certified Public Accountants (AICPA) standards. We can provide a copy of our latest audit report to interested customers; please reach out to your Gridium account representative directly.

Secure personnel

  • Gridium takes the security of its data and that of its clients and customers seriously and ensures that only vetted personnel are given access to their resources.
  • All Gridium employees undergo background checks prior to being engaged or employed by us in accordance with local laws and industry best practices.
  • Confidentiality or other types of Non-Disclosure Agreements (NDAs) are signed by all employees, contractors, and others who have a need to access sensitive or internal information.
  • We embed the culture of security into our business by conducting employee security training and testing using current and emerging techniques and attack vectors.

Secure development

  • All development projects at Gridium follow secure development lifecycle principles.
  • All development of new products, tools, and services, and major changes to existing ones, undergoes a design review to ensure security requirements are incorporated into proposed development.
  • All team members who are regularly involved in any system development undergo annual security training.

Cloud security

  • Gridium deploys third-party penetration testing and vulnerability scanning of all production and internet-facing systems on a regular basis.
  • Gridium provides complete customer isolation in a modern, multi-tenant cloud architecture.
    Gridium leverages the native physical and network security features of the cloud service, and relies on the providers to maintain the infrastructure, services, and physical access policies and procedures.
  • All data is also encrypted at rest and in transmission to prevent any unauthorized access.
  • Our entire platform is continuously monitored by an intrusion detection system.
  • We implement role-based access controls and the principle of least-privilege access, and review and revoke access as needed.