Compliance & Security

SOC 2 Aligned Practices

Our cloud infrastructure and operational controls follow SOC 2 Type II framework principles for security, availability, and confidentiality.

Status: Framework Aligned
Practices: Security controls, monitoring, incident response
Note: Formal certification in progress

ISO 27001 Aligned Practices

Information security management practices following ISO 27001 framework for systematic approach to managing sensitive information.

Status: Framework Aligned
Practices: ISMS policies, risk management, controls
Note: Formal certification in progress

HIPAA Compliance

Our products can be deployed in HIPAA-compliant configurations for healthcare organizations. Business Associate Agreements (BAA) available.

Status: Supported
Features: Encryption, audit logging, access controls
BAA: Available upon request

PCI-DSS Support

GoPhish Cloud supports organizations meeting PCI-DSS Requirement 12.6 for security awareness training and phishing simulation programs.

Status: Supported
Use Case: Security awareness training
Documentation: Auditor-ready reports

GDPR Compliance

Our products support GDPR requirements through data minimization, encryption, access controls, and data subject rights. Self-hosted deployment ensures data stays within your jurisdiction.

Status: Supported
Features: Data sovereignty, right to deletion, encryption
Documentation: GDPR-ready data processing agreements

Security Hardening Controls

All HailBytes products are deployed with security hardening controls that align to CIS benchmarks, following industry-standard configuration best practices for secure infrastructure.

Status: Implemented
Alignment: CIS benchmarks and security best practices
Scope: All cloud deployments

Security Best Practices

We follow SOC 2 Type II and ISO 27001 security practices and controls, including systematic risk management, security monitoring, and incident response procedures.

Frameworks: SOC 2, ISO 27001 practices
Status: Following industry standards
Note: Practices implemented, certification in progress

NIST Cybersecurity Framework

Our security operations align with NIST CSF guidelines for identifying, protecting, detecting, responding to, and recovering from cybersecurity threats.

Status: Aligned
Framework: NIST CSF v1.1
Coverage: All five core functions

Data Encryption

• TLS 1.2+ for data in transit
• AES-256 encryption at rest
• End-to-end encryption for sensitive data
• Key management via Azure Key Vault / AWS KMS

Access Controls

• Role-based access control (RBAC)
• Multi-factor authentication (MFA)
• Principle of least privilege
• Regular access reviews and audits

Infrastructure Security

• Private network segmentation
• Web Application Firewall (WAF)
• DDoS protection via cloud providers
• Regular vulnerability scanning

Monitoring & Logging

• 24/7 security monitoring
• Comprehensive audit logging
• Real-time alerting for anomalies
• SIEM integration support

Incident Response

• Documented IR procedures
• 24/7 security operations center
• Regular tabletop exercises
• Customer notification protocols

Vendor Management

• Third-party security assessments
• Regular vendor reviews
• AWS & Azure compliance inheritance
• Subprocessor transparency