Commitment to Our Clients
Exceeding clients’ expectations is our top priority. Dstillery is committed to maintaining trust with every client through security and transparency. The following information summaries our compliance, privacy, and operations security practices.
SOC 2 is a defined criteria for managing customer data and is based on five trust service principles, security, availability, processing integrity, confidentiality, and privacy. Dstillery has obtained SOC 2 Type 1 certification, validating the design of our security processes.
Details around our compliance certifications and attestations are available under NDA. For more information about Dstillery’s compliance certifications and programs, please reach out to *your D representative or *firstname.lastname@example.org
Dstillery has a dedicated CISO who reports to the President, with responsibilities focused on enterprise security, awareness and training, vulnerability management, incident management, secure logging and monitoring, security risk management, supplier risk management, and identity and access management.
Background checks are performed on all Dstillery staff and personnel are required to sign confidentiality agreements upon hire.
Dstillery has developed security policies and procedures based on SOC 2 and industry standard practices. All employees are required to acknowledge an understanding of these policies upon hire and through annual mandated training.
All employees must complete annual security and privacy awareness training on hire and annually thereafter. Additionally, Distillery conducts regular phishing exercises and follows up with remediation training as needed.
Dstillery uses a defined, tier-based security model to evaluate all prospective vendors’ criticality and exposed residual risk. These evaluations involve a combination of security questionnaires and cybersecurity certification reviews with all third parties.
Security Monitoring and Alerting
Dstillery deploys various monitoring, logging, and alerting solutions to monitor logs and generate alerts for anomalies.
Dstillery participates in the Department of Homeland Security’s CyberHygiene program and conducts annual penetration testing for all internet-facing assets. Our IT team regularly performs patch management activities on servers, workstations, and networking devices. Additionally, secure endpoint configurations are determined and approved for all user work activities.
Responsible vulnerability disclosure channels are available for external security researchers to submit information to at XXX@dstillery.com to find a copy of the full security vulnerability disclosure policy, CLICK HERE.
In addition to vulnerability management security testing, Dstillery contracts with a third-party firm to perform annual penetration tests.
Dstillery employs the principle of least privilege, restricting access to client data repositories to authorized users on a need-to-know basis. Client data is logically isolated with strict access controls to prevent data leakage.
Security Incident Response
Dstillery has a defined incident response policy and plan that prescribes appropriate actions for triage and escalation of all potential incidents. Dstillery also performs tabletop exercises with key stakeholders to ensure all relevant staff understand their roles and responsibilities in supporting the incident response plan.
Dstillery encrypts all communications with industry-standard HTTPS/TLS 1.2+ between public networks and Dstillery clients to protect all data
Dstillery employs full-disk encryption (FDE) to protect data-at-rest.
Business Continuity and Disaster Recovery
Dstillery’s business continuity and disaster recovery plans are designed with the safety and security of our client data in mind. All data backups are replicated for high availability and redundancy to datacenters that are accredited under ISO 27001, SOC 1 and SOC 2, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley.
Dstillery formally acknowledges those that have help in the improvement of our overall security program on our Acknowledgements page.