Security you can trust
Last updated
Last updated
Here at Tonic.ai, we utilize the principle of least privilege to protect data. Tonic.ai employees will never access your customer data—and the Tonic platform doesn’t store that data either.
Rest assured that we take security seriously.
Our security controls include the following.
When we connect to customers' environments, we use least privilege, with access scoped only to what is needed to satisfy the control.
To restrict employee access, Tonic.ai uses the principle of least privilege, to ensure that employees have access only to what they need to perform their specific roles.
Tonic.ai uses an independent auditor to maintain a SOC 2 report, to ensure adherence to industry standards for security and privacy.
Tonic.ai engages a qualified assessor to complete an annual third-party static code analysis and manual penetration tests.
As part of every release, Tonic.ai uses a combination of:
Manual testing
Automatic unit and integration tests
Security scanning
Tonic.ai uses multiple logging and monitoring tools to ensure that the software we build and deploy is:
Free of defects
Configured securely
Tonic.ai employs staff who have industry knowledge and experience in:
Secure infrastructure
Application management
Risk
Operations
Tonic.ai uses centrally managed endpoint management solutions to ensure that all employee and BYOD devices:
Are configured securely
Receive proper updates
Remain compliant with Tonic.ai requirements while in use
Our annual security training covers:
Security hygiene
Phishing
Data protection
New threats that employees might encounter
General best practices