AltiSales Trust Center

AltiSales is in compliance with security best practices, has implemented and is monitoring comprehensive controls, and maintains policies to outline its security procedures.

security@altisales.io

Compliance

Resources

SOC 2 Type II Report

Chief Information Security Officer (CISO) Policy

Board of Directors Charter

Data Classification Policy

Network Security Policy

Controls

Access control procedures

VPN access

Multifactor authentication

Access review of infrastructure

User list with assigned roles and privileges

Encryption of data

Backup and recovery policy

Source code tool

Outsourced Development Management

Sample code changes

Web application firewall

Vulnerability scanning

Intrusion detection tool

Infrastructure firewall

Infrastructure baseline hardening policy

Monitoring tool

Network diagram

Alerts and remediation

Security incident list

Breach notification communication

Whistleblower policy

Log management tool

Vendor management program

Vendor termination

Vendor list

Vendor onboarding

New employee and contractor agreements

List of active employees & contractors as on date

Employee handbook

List of newly hired employees & contractors

Customer onboarding

Multi-availability zones

Asset register maintaining

Risk and Governance Executive Committee meeting minutes

Risk management program

Information security policies and procedures

Asset register list

Patch management

Antivirus and malware configurations

Customer support issues resolved

Subprocessors

HubSpotWorkforce & HR Management

TrellusBusiness Apps & Productivity

AWSCloud Infrastructure & Platform Services

FAQs

Emergency changes that can't follow regular processes due to urgency require immediate attention and discussion with a relevant service manager. Such changes are formally approved retrospectively after implementation. These emergency changes are later reviewed in periodic meetings to analyze lessons learned, root causes, and impacts.

Source code changes are logged, time-stamped, and attributed to their author in a source code management tool. Access to the source code tool is restricted to authorized users using multi-factor authentication.

All systems are patched and updated on a documented, regular, and timely schedule using the Common Vulnerability Scoring System (CVSS) to aid in setting patching guidelines. Critical security vulnerabilities must be patched as soon as possible regardless of CVSS score.