Mycroft's Security Practices

Last revised: December 1, 2024

Introduction
Mycroft believes in leading by example and in our own product. As a result, we continuously monitor our security program through our own product, which allows us to build a security program based on the following standards and regulations:

  • AICPA Trust Services Criteria 2017 Rev. 2 (SOC 2) against Security, Confidentiality, Processing Integrity, and Availability

To obtain a copy of our SOC 2 report, please reach out to security@mycroft.io or your Customer Success Manager.

Policies

In support of the highest standards of security and privacy, Mycroft has established the following policies, which are reviewed at least annually:

  • Information Security and Governance
  • Privacy
  • Code of Conduct and Acceptable Use
  • Asset Management
  • Data Classification and Lifecycle Management
  • Logical Access
  • Vulnerability Management
  • Incident Response
  • Secure Software Development and Management
  • Vendor Risk Management
  • Business Continuity and Disaster Recovery

Continuous Security Monitoring

We have currently implemented the following to ensure ongoing maintenance and compliance:

  • Cloud Security Posture Management
  • Continuous Code Repository Testing and Manual Reviews
  • Dynamic Automation and Response
  • Endpoint Management and Monitoring
  • Application Security Testing
  • Ongoing Testing and Monitoring for Availability and Integrity
  • Continuous Access and Configuration Reviews

Administrative and Governance Controls

In addition to the technical controls, we have implemented the following administrative and governance controls:

  • Assigned individual as the Data Protection Officer / Information Security Leader
  • Policy Management
  • Vendor Risk Management and Governance
  • HR and Contractual Obligation Processes
  • Customer Communications and Support Management
  • Continuous Risk Assessments (including AI, Security, Fraud, and Operations)
  • Cybersecurity Insurance Coverage up to $1MM