image description

Security Practices

At Second, we take the security of our clients’ and our company’s data very seriously. We believe that it is the responsibility of every company you trust with your data to secure it according to best practices.

Below is a summary of the precautions we take to protect your data. If you have any questions about our policies, please write to us at [email protected]

Audit Practices

  • Overview

    Second undergoes security assessments by both internal personnel and our external security firm Agency who perform regular audits to verify that our security practices are sound and to monitor the services for new vulnerabilities discovered by the security research community.

Security Controls

  • Second has implemented and will maintain appropriate measures to protect your data against destruction, loss, or unauthorized access. The following security controls are in place.

  • Network Protection
  • Endpoint Detection & Response (EDR)
  • Endpoint Management (MDM)
  • Employee Password Managers
  • Employee Personal Device Protection
  • Multi-Factor Authentication

Monitoring & Logging

  • We understand that even the best software cannot prevent a security incident without 24/7 monitoring. Second employs Agency to continuously monitor all security systems, maintain forensic logs, and manage incident response.

  • Dedicated Security Monitoring
  • Security Logs
    • Endpoint Logging

Personal Security Policy

  • Our employees are our first line of defense, and we provide them with the best available resources to protect themselves, and the data we hold.

  • 24/7 Employee Access to security support
  • Employee Personal Device Protection
  • Personal Password Managers

Dark Web Monitoring

  • Second uses Agency to monitor the dark web on its behalf for exposure of employee passwords.

  • Dark Web Monitoring

Incident Management

  • Second maintains security incident management policies and procedures. In the event of an incident, we will notify all impacted clients, typically by email.

Confidentiality

  • Confidentiality agreements for all employees
  • Customer data deleted upon request or termination

Infrastructure

  • At Second we use a variety of third party vendors to support our technology infrastructure and operations. We take the responsibility of selecting and vetting these vendors extremely seriously.

  • All infrastructure security fully-vetted
  • Security assessment performed on all critical-third party vendors

Vendors

  • We use the following subprocessors to manage certain critical infrastructure for our organization. These have been fully vetted, and are listed below:

  • Google Workspace
  • Slack
  • Github
  • Amazon Web Services

Report an Issue

  • If you believe you've discovered a security-related issue, please contact us at [email protected]