Security & Compliance
8 min
compliance standards soc ii type 2 certified (report available upon request) hitrust e1 certified flume platform hipaa compliant robust access controls flume implements rbac model based on the principle of least privilege key user roles include admins, editors, viewers flume supports auditable temporary access for customer configurations data management & protection intermediary role between data sources and destinations customer authority to grant/revoke access temporary data holding; optional customer hosted data for extended storage flume utilizes google cloud's encryption infrastructure to encrypt data both rest and in transit auditability flume provides full visibility with comprehensive logs for all data transfers and interactions this includes all changes within the orchestration system which are retained and tracked by the user backup & recovery industry standard backup tools geographically and logically separated data housing customer hosted trade data ensures backup and recovery vulnerability management layered detection strategy secure development practices and container scanning security tools integration (google cloud, github, drata, snyk) network security beyondcorp, zero trust security model hardened kubernetes configuration gcp managed identity aware proxy (iap) for controlled access rigorous network access policies physical & environmental safeguards flume is hosted on google cloud platform in ssae 16, soc 2/3, iso certifications, hitrust, fedramp certified data centers these facilities have redundant power, cooling, network, and strict physical security secure web portal access & sso iap protected portals and apis enterprise sso support microsoft 365, google, saml, oidc tls requirement for connections monitoring for anomalies in access and behavior
