Morph logoMorph

Morph Trust Center

Morph is in compliance with security best practices, has implemented and is monitoring comprehensive controls, and maintains policies to outline its security procedures.

security@morphllm.com

Compliance

Links

Privacy PolicyTerms of Service

Resources

SOC 2 Type I Report
Company Handbook
Baseline Hardening Policy
Chief Information Security Officer (CISO) Policy
Acceptable Use Policy

Controls

Access control procedures
Multifactor authentication
Tracking access changes
VPN access
Remote access tool
Encryption of data
Backup and recovery policy
Source code tool
Outsourced Development Management
Sample code changes
Web application firewall
Vulnerability scanning
Network diagram
Intrusion detection tool
Infrastructure firewall
Monitoring tool
Infrastructure baseline hardening policy
Breach notification communication
Alerts and remediation
Security incident list
Whistleblower policy
Log management tool
Vendor management program
Vendor onboarding
Vendor list
Vendor termination
New employee and contractor agreements
Employee handbook
List of active employees & contractors as on date
List of newly hired employees & contractors
List of terminated employees & contractors
Multi-availability zones
Asset register maintaining
Risk and Governance Executive Committee meeting minutes
Risk management program
Internal communication for changes in roles
Intellectual property rights
Organization chart
Security-related roles
Pre-hire checklist

Subprocessors

Slack
SlackBusiness Apps & Productivity
Fly.io
Fly.ioCloud Infrastructure & Platform Services
AWS
AWSCloud Infrastructure & Platform Services
Vercel
VercelCloud Infrastructure & Platform Services

FAQs

Emergency changes that can't follow regular processes due to urgency require immediate attention and discussion with a relevant service manager. Such changes are formally approved retrospectively after implementation. These emergency changes are later reviewed in periodic meetings to analyze lessons learned, root causes, and impacts.

Our organization actively manages vendor risks through a structured approach that includes maintaining a critical third-party vendor inventory and conducting risk assessments before initiating third-party work. These assessments are repeated annually to identify any gaps between third-party security controls and our information security standards.

The organization uses firewalls and intrusion detection systems to prevent unauthorized access and detect external security threats.