CoderPad Security and Privacy Measures
Security is more than a buzzword at CoderPad; it's a fundamental aspect of our platform. Your data's safety is a top priority for us. Explore how we maintain a secure environment for your technical hiring.
Infrastructure and Application Security
- CoderPad is hosted and runs on industry-standard cloud providers: Amazon Web Services, Google Cloud Platform, and Heroku. We secure our cloud infrastructure using the CIS Benchmarks.
- We run weekly vulnerability scans and have a clear patch management policy.
- CoderPad undergoes a yearly penetration test by an external provider. Contact our Sales team if you wish to see the latest report.
- We have an active Bug Bounty program where we offer rewards to anyone who identifies potential security vulnerabilities.
- New product features and internal processes undergo peer review and security assessment prior to release. We consistently enhance security practices based on industry shifts and customer input.
- We streamline authentication by providing single sign-on (SSO) capability, which allows MFA.
- Our data is stored using AES-256 encryption. Our web communication uses TLS 1.2 at minimum.
- Our SOC2 Compliance certification is underway and should be confirmed by the end of 2023.
- We use a trusted payments processor, Stripe, and never store or process your payment data.
Internal security measures
- CoderPad has a full-time Chief Information Security Officer (CISO), who is CISSP-certified, and a Data Privacy Officer (DPO).
- We use multi-factor authentication (MFA) for access to all critical tools.
- All users:
  - have an Endpoint Detection and Response (EDR) security tool deployed on professional endpoints. This is monitored by a security operations center.
  - have surface encryption on their professional endpoints.
  - attend a yearly mandatory cybersecurity and privacy awareness program.
- We have and abide by a full set of internal cybersecurity policies (based on the ISO 27000 framework), including a privacy and an acceptable usage policy.
SecurityScorecard rates and continuously monitors the corporate cybersecurity of websites and gives an A-F rating based on 10 risk factors.