HomeValet has an Information Security Program in place that is communicated throughout the organization. Our Information Security Program follows the criteria set forth by the SOC 2 Framework. SOC 2 is a widely known information security auditing procedure created by the American Institute of Certified Public Accountants. As part of this security program, HomeValet undergoes independent third-party assessments to test our security and compliance controls and independent third-party penetration tests at least annually on our platform and Smart Box to ensure that our security posture remains uncompromised.
HomeValet employees undergo annual security training. We conduct background checks and require employees to sign an industry standard confidentiality agreement prior to employment.
HomeValet has documented business continuity and disaster recovery and incident response plans. These plans are reviewed and tested at least annually.
HomeValet uses cloud services from a major cloud service provider. Our cloud service provider and other vendors are required to provide SOC 2 or ISO 27001 attestations or an equivalent self-assessment acceptable to HomeValet prior to HomeValet engaging their services.
HomeValet practices include, but are not limited to:
- Data encryption at rest and in transit.
- Regular vulnerability scanning and active monitoring of threats.
- Monitoring and logging of all services, including alerts for failures of critical infrastructure.
- Access to cloud infrastructure and other sensitive tools are limited to authorized users and limited to that required for their role. We follow the principle of least privilege with respect to identity and access management. Access is regularly monitored and audited.
- Where available, we use single sign-on (SSO) and/or multifactor authentication in combination with strong password policies on cloud infrastructure and internal and vendor services.
- Active risk management, including annual risk assessments and vendor reviews.
If you have any questions, comments or concerns or if you wish to report a potential security issue, please contact [email protected]