image description

Security Practices

At Second, we take the security of our clients’ and our company’s data very seriously. We believe that it is the responsibility of every company you trust with your data to secure it according to best practices.

Below is a summary of the precautions we take to protect your data. If you have any questions about our policies, please write to us at [email protected]

Audit Practices

  • Overview

    Second undergoes security assessments by both internal personnel and our external security firm Agency who perform regular audits to verify that our security practices are sound and to monitor the services for new vulnerabilities discovered by the security research community.

Security Controls

  • Second has implemented and will maintain appropriate measures to protect your data against destruction, loss, or unauthorized access. The following security controls are in place.

  • Multi-Factor Authentication
  • Employee Personal Device Protection
  • Employee Password Managers
  • Endpoint Management (MDM)
  • Endpoint Detection & Response (EDR)
  • Network Protection

Monitoring & Logging

  • We understand that even the best software cannot prevent a security incident without 24/7 monitoring. Second employs Agency to continuously monitor all security systems, maintain forensic logs, and manage incident response.

  • Dedicated Security Monitoring
  • Security Logs
    • Endpoint Logging

Personal Security Policy

  • Our employees are our first line of defense, and we provide them with the best available resources to protect themselves, and the data we hold.

  • Personal Password Managers
  • Employee Personal Device Protection
  • 24/7 Employee Access to security support

Dark Web Monitoring

  • Second uses Agency to monitor the dark web on its behalf for exposure of employee passwords.

  • Dark Web Monitoring

Incident Management

  • Second maintains security incident management policies and procedures. In the event of an incident, we will notify all impacted clients, typically by email.

Confidentiality

  • Customer data deleted upon request or termination
  • Confidentiality agreements for all employees

Infrastructure

  • At Second we use a variety of third party vendors to support our technology infrastructure and operations. We take the responsibility of selecting and vetting these vendors extremely seriously.

  • Security assessment performed on all critical-third party vendors
  • All infrastructure security fully-vetted

Vendors

  • We use the following subprocessors to manage certain critical infrastructure for our organization. These have been fully vetted, and are listed below:

  • Google Workspace
  • Slack
  • Github
  • Amazon Web Services

Report an Issue

  • If you believe you've discovered a security-related issue, please contact us at [email protected]