Client Trust

Commitment to Our Clients

Exceeding clients’ expectations is our top priority. Dstillery is committed to maintaining trust with every client through security and transparency. The following information summarizes our compliance, privacy, and operations security practices.

Compliance

Compliance Program

SOC 2 is a defined set of criteria for managing customer data and is based on five trust service principles: security, availability, processing integrity, confidentiality, and privacy. Dstillery has obtained SOC 2 Type 1 certification, validating the design of our security processes.

Reports

Details around our compliance certifications and attestations are available under NDA. For more information about Dstillery’s compliance certifications and programs, please reach out to *your D representative or *email@d.com

Security

Security Team

Dstillery has a dedicated CISO who reports to the President, with responsibilities focused on enterprise security, awareness and training, vulnerability management, incident management, secure logging and monitoring, security risk management, supplier risk management, and identity and access management.

Background Checks

Background checks are performed on all Dstillery staff and personnel are required to sign confidentiality agreements upon hire.

Security Awareness

Policies

Dstillery has developed security policies and procedures based on SOC 2 and industry-standard practices. All employees are required to acknowledge their understanding of these policies upon hire and through mandatory annual training.

Training

All employees must complete security and privacy awareness training on hire and annually thereafter. Additionally, Dstillery conducts regular phishing exercises and follows up with remediation training as needed.

Supplier Security

Dstillery uses a defined, tier-based security model to evaluate the criticality of all prospective vendors and the residual risk they expose. These evaluations combine security questionnaires and reviews of cybersecurity certifications for all third parties.

Security Monitoring and Alerting

Dstillery deploys monitoring, logging, and alerting solutions that collect logs and generate alerts on anomalous activity.

Vulnerability Management

Dstillery participates in the Department of Homeland Security’s CyberHygiene program and conducts annual penetration testing for all internet-facing assets. Our IT team regularly performs patch management on servers, workstations, and networking devices. Additionally, secure endpoint configurations are defined and approved for all user work activities.

Responsible vulnerability disclosure channels are available for external security researchers, who can submit information to XXX@dstillery.com. To find a copy of the full security vulnerability disclosure policy, CLICK HERE.

In addition to its own vulnerability management security testing, Dstillery contracts with a third-party firm to perform annual penetration tests.

Logical Access

Dstillery employs the principle of least privilege, restricting access to client data repositories to authorized users on a need-to-know basis. Client data is logically isolated with strict access controls to prevent data leakage.

Security Incident Response

Dstillery has a defined incident response policy and plan that prescribes appropriate actions for triage and escalation of all potential incidents. Dstillery also performs tabletop exercises with key stakeholders to ensure all relevant staff understand their roles and responsibilities in supporting the incident response plan.

Encryption

In Transit
Dstillery encrypts all communications between public networks and Dstillery clients with industry-standard HTTPS/TLS 1.2+ to protect all data in transit.

At Rest
Dstillery employs full-disk encryption (FDE) to protect data-at-rest.

Business Continuity and Disaster Recovery

Dstillery’s business continuity and disaster recovery plans are designed with the safety and security of our client data in mind. All data backups are replicated for high availability and redundancy to datacenters that are accredited under ISO 27001, SOC 1 and SOC 2, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley.

Privacy

Privacy Policy

Dstillery maintains a privacy program that monitors regulatory requirements, with oversight from dedicated privacy personnel. Dstillery’s privacy policy can be found here.

Acknowledgements

Dstillery formally acknowledges those who have helped improve our overall security program on our Acknowledgements page.