Security at Anrok
Leading enterprise software companies trust Anrok to keep their data secure. We take security and privacy seriously and utilize enterprise-grade best practices to ensure the trust of our users.
Enterprise-grade security and compliance features
SOC 1 Type II
Anrok is SOC 1 Type II compliant. An independent firm has audited the design and operating effectiveness of Anrok’s internal controls that may be relevant to a customer’s financial reporting, and confirmed they meet the standards set forth in SSAE 18 and ISAE 3402.
SOC 2 Type II
Anrok is SOC 2 Type II compliant. Anrok has been audited by an independent firm who has confirmed that Anrok meets the requirements set forth in TSP section 100, 2017 Trust Services Criteria for Security, Availability, and Confidentiality.
Encryption and infrastructure
Anrok uses Google Cloud Platform (GCP). GCP data centers are monitored by 24×7 security and are SOC 1, SOC 2, SOC 3, and ISO 27001 certified. All data processed on Anrok is encrypted in transit (using TLS 1.2 or higher) and at rest (through AES-256).
Data privacy and GDPR
Anrok is strongly committed to safeguarding the privacy of user data. A Data Processing Addendum is available upon request for customers as Anrok is firmly committed to compliance with the General Data Protection Regulation (“GDPR”).
Proactive testing and analysis
In addition to regular vulnerability scans, Anrok undergoes annual comprehensive security assessment, including black box and white box testing and analysis, conducted by a third-party security firm.
Operational security
Anrok’s security policies include policies governing IT assets, access controls, internet access policies, antivirus policies, remote access policies, and other risk mitigation measures.
Employee trainings
Security is a priority for the entire company at Anrok. All employees complete an annual security training program and employ best practices when handling customer data.
Secure software development
Anrok utilizes a variety of manual and automatic data security and vulnerability checks throughout the software development lifecycle.