Security you can trust
Here at Tonic.ai, we utilize the principle of least privilege to protect data. Tonic.ai employees will never access your customer data—and the Tonic platform doesn’t store that data either.
Rest assured that we take security seriously.
Our security controls include the following.
Secure by design
When we connect to customers' environments, we use least privilege, with access scoped only to what is needed to satisfy the control.
Access management
To restrict employee access, Tonic.ai uses the principle of least privilege, to ensure that employees have access only to what they need to perform their specific roles.
External validation
Tonic.ai uses an independent auditor to maintain a SOC 2 report, to ensure adherence to industry standards for security and privacy.
3rd-party pen testing
Tonic.ai engages a qualified assessor to complete an annual third-party static code analysis and manual penetration tests.
Manual and automated testing
As part of every release, Tonic.ai uses a combination of:
Manual testing
Automatic unit and integration tests
Security scanning
Monitoring
Tonic.ai uses multiple logging and monitoring tools to ensure that the software we build and deploy is:
Free of defects
Configured securely
Security and risk management team
Tonic.ai employs staff who have industry knowledge and experience in:
Secure infrastructure
Application management
Risk
Operations
Device management
Tonic.ai uses centrally managed endpoint management solutions to ensure that all employee and BYOD devices:
Are configured securely
Receive proper updates
Remain compliant with Tonic.ai requirements while in use
Annual security training
Our annual security training covers:
Security hygiene
Phishing
Data protection
New threats that employees might encounter
General best practices
Last updated