✓ Data Center & Network Security ✓ Application Security ✓ Data Security ✓ Security Policies ✓ Application Monitoring ✓ Secure Software Development Lifecycle
SOC2 Type 1 Certification
Rafiki is SOC 2 Type 1 Compliant.
SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the AICPA's Trust Services Principles criteria.
Rafiki powers you with
Product Security
Rafiki supports SAML 2.0 and uses the OAuth2 standard for authorization. Client Data is stored on resilient storage that is replicated across data centers.
Data Security
User data is automatically encrypted using Advanced Encryption Standard (AES) 256, a secure symmetric-key encryption standard.
Operational Security
Rafiki partners with Google Web Services (GCP), a world-class, secure data center provider, and utilizes its state-of-the-art electronic surveillance and multi-factor access control systems.
Threat / Vulnerability Detection
Entire site constantly monitored
Built-in anomaly detection
Annual external penetration testing
Web service uptime continuously monitored for incidents that result in denial-of-service attacks
Regularly tested for penetration and vulnerability threats
Data Protection
Encryption at rest
Single sign-on
Role-based access controls - COMING SOON
Logging, auditing and monitoring features
Encryption in transit
Features to enhance privacy of personal data
Secure Development Process
Peer code reviews
Robust security framework based on OWASP standards
Screen code changes for potential security issues with our code analyzer tools
Release cycle follows functional, unit and extensive QA testing
Software Development Life Cycle (SDLC) mandates adherence to secure coding guidelines