Paragon's last SOC2 Type 1 certification was issued February 18, 2022 by Prescient Security with 100% compliance and no unusual findings.
Paragon enables logging to track activity and configuration changes. We retain our cloud infrastructure logs for at least 1 year and have implemented tools to log and retain account activity related to actions across its cloud infrastructure. Additionally, Paragon has implemented tools to capture information about IP traffic going to and from network interfaces in their virtual private cloud.
Paragon encrypts data at rest. Sensitive data is encrypted when it is transmitted over public networks.
Our appointed Data Protection Officer is responsible for reviewing that it is up to date and its procedures are followed. Any customer can request a copy of the document by emailing privacy@useparagon.com.
Paragon robust architecture automatically scales to handle requests at large volumes.
Background checks are in place to qualify new personnel. Such screening is reviewed prior to a new employees first day, in accordance with local laws.
Paragon has a security awareness training program in place to promote the team's awareness of their obligations with respect to maintaining information security, privacy and understanding of internal policies. Such program is logged and completed by all applicable new hires.
Full-disk encryption is used on all Paragon laptops and/or desktops.
Paragon performs vulnerability scans on it's systems and applications to identify potential vulnerabilities. Results are assessed and the company tracks high/critical findings through remediation.
Paragon additionally has a Vulnerability Management Policy in place to govern the detection and remediation of vulnerabilities.