Enterprise Security

Contact Us Today

Our Commitment

At Everest, we implement the necessary policies and controls to ensure the security and privacy of our data.

Data Security Measures

We take a multi-layered approach to security by incorporating advanced technologies and best practices to safeguard your data. Key measures include:

  • Encryption: All data, whether at rest or in transit, is encrypted using industry-standard protocols (e.g., AES-256, TLS 1.2/1.3).
  • Access Controls: Role-based access ensures only authorized personnel can access sensitive information.
  • Network Security: Our systems are protected by firewalls, intrusion detection systems (IDS), and regularly updated anti-malware tools.
  • Regular Security Audits: Routine vulnerability assessments ensure our systems remain secure.

Privacy Practices

We are committed to ensuring that personal data is handled responsibly. Key aspects of our privacy policy include:

  • Transparency: Clearly communicating how we collect, use, and share your data.
  • User Control: Providing tools and options to manage data preferences and consent.
  • Third-Party Protections: Vetting and monitoring third-party vendors to ensure they comply with our privacy standards.

Incident Response And Reporting

Despite our robust quality and security measures, we recognize the importance of being prepared for potential incidents. We have a dedicated Incident Response Team that:

  • Detects and investigates anomalies or breaches in real-time.
  • Mitigates risks through rapid containment and remediation.
  • Notifies affected parties and regulators in accordance with legal requirements.

SOC2 Compliance

Following a thorough evaluation by an independent auditor, our data platforms and management processes have achieved SOC2 security compliance. Key controls include:

  • Infrastructure Security: Our infrastructure security practices protect critical hardware, software, networks, and data from physical and cyber threats. We require employees, contractors, and users to use authorized secure authentication mechanisms to access production datastores, systems, and applications. We use firewalls, network segmentation, an infrastructure monitoring tool, and an intrusion detection system to prevent, track, and address unauthorized access to data.
  • Organizational Security: Our organizational security practices protect our systems and data from data breaches and other potential threats. We install, deploy, and routinely update anti-malware technology to protect data from potential malicious attacks. We require employees and contractors to acknowledge and uphold our code of conduct and confidentiality agreement and complete security awareness training.
  • Product Security: Our product security practices protect our systems and data throughout their lifecycles from damage or disruption. We encrypt datastores housing sensitive data and use secure transmission protocols to encrypt data transmitted over public networks. We follow strict procedures for vulnerability management and system monitoring.
  • Internal Security Procedures: Our internal security procedures protect our platform and system data from unauthorized access, misuse, or disruption. We have tested and implemented system continuity, disaster recovery, and incident response plans, physical access processes, and vendor and risk management programs. We follow proprietary software development practices to deploy system changes and updates. We conduct regular access reviews, risk assessments, and vulnerability scans.