SOC 2 is a globally recognized auditing standard for service organizations that demonstrates adequate controls and processes. Estateably is in the process of obtaining SOC 2 Type 1, to be completed by the end of 2020, with the SOC 2 Type 2 audit to be completed in 2021. Estateably’s SOC 2 report will cover the trust services principles and criteria for security and availability. A copy of the most recent audit report will be made available to customers upon request.
All of Estateably’s services are hosted by Google Cloud Platform (GCP) facilities in Canada. Services are distributed across multiple GCP availability zones. These zones are hosted in physically separate data centers, protecting services against single data center failures.
You can find more information about GCP security practices on their cloud security page.
Estateably maintains a number of information security policies that form the basis of our information security program. All Estateably employees are required to review these policies as part of their on-boarding. These security policies cover the following topics and are available to Enterprise customers upon request:
- Access control
- Change management
- Risk management
- Data classification and asset inventory management
- Incident response and management
- Network security
- Encryption and key management
- Human resources security
- Information transfer
- Secure development
- System monitoring and logging
- Vendor management
- Vulnerability management and malware protection
- Mobile device management and remote working
- Business continuity and disaster recovery
Backups and Disaster Recovery
All Estateably customer data is stored redundantly at multiple GCP data centers (availability zones) to ensure availability. Estateably has well-tested backup and restoration procedures in place, which allow for quick recovery in the case of single data center failures and disasters.
Estateably Enterprise includes all our general security measures, plus additional features and enhancements to provide even more customization and privacy.
Single sign-on (SSO)
Estateably supports single sign-on (SSO) for Enterprise customers. By using the customer’s existing identity management solution, Estateably provides an easy and secure way for companies to manage their team members’ access. Estateably supports identity providers like Google G Suite, Azure Active Directory, OneLogin, and Okta. Estateably also supports both SAML and OAuth-based OpenID Connect.
Role-based access control (RBAC)
Estateably supports role-based access control, which means the access of team members within an organization is dictated by their role (viewer, collaborator, editor, or administrator). Administrators can assign team members specific roles or revoke access using the Estateably account dashboard.
Security vulnerability disclosure
If you would like to disclose a potential security vulnerability or have security concerns about an Estateably product, please reach out to firstname.lastname@example.org. Please include a description of the security vulnerability, steps to reproduce, and the impact the vulnerability may have.