Tracer is Committed to Data Security
SOC 2 Type 2 Audit
Reflecting our commitment to providing best-in-industry security practices and building on the trust of our customers, Tracer completes annual SOC 2 Type 2 audits.
These rigorous independent audits, based on the AICPA’s Trust Service Criteria, test the operating effectiveness of our systems as they relate to security, processing integrity, confidentiality, and privacy. Successfully completing a SOC 2 Type 2 audit provides our customers with the assurance that an independent assessment has confirmed our ability to keep their data secure and meet the requirements of applicable privacy laws. The audit reports include a description of our trust services and controls, as well as the auditors’ opinion on the suitability of the design and operating effectiveness of our security and confidentiality practices.
Independent Data Security Assessment
Tracer has also undertaken an independent assessment of its privacy and security safeguards over the data we collect on behalf of our global customers. Not only is the protection of personal data required by an increasing number of countries and jurisdictions, but we believe that conducting this deeper analysis of our internal controls further demonstrates our commitment to protecting our customers.
EU-US and Swiss-US Data Privacy Framework
Tracer has certified to the U.S. Department of Commerce that it adheres to the EU-US and Swiss-US Data Privacy Framework Principles with regarding the collection, use, and retention of any personal information from European Union member countries and Switzerland. To learn more about the Data Privacy Framework program, and to view Tracer’s certification, please visit https://www.dataprivacyframework.gov./
The following describes Tracer’s systematic way to address vulnerabilities and when we resolve security bugs in our products.
Security bug fix Service Level Objectives
Tracer sets service level objectives for fixing security vulnerabilities based on the vulnerability rank. Resources like the Common Vulnerabilities and Exposures (or similar) could be utilized when appropriate to aid in answering the above questions.
|Fix Timeline (Business Days)
Vulnerabilities that score in the critical range usually have most of the following characteristics:
Vulnerabilities that score in the high range usually have some of the following characteristics:
Vulnerabilities that score in the medium range usually have some of the following characteristics:
|Vulnerabilities in the low range typically have very little impact on an organization’s business. Exploitation of such vulnerabilities usually requires local or physical system access.
When a security issue of Medium or Low severity is discovered, Tracer will aim to release a fix within the timeline objectives listed above. In certain circumstances Tracer may, however, defer addressing the fix based on available resources and company objectives.
We will continuously evaluate our policies based on customer feedback and will provide any updates or changes on this page.