
Security

At ZayZoon, we focus on the financial wellness of your employees, but the core of our success is providing a safe and trustworthy place for your data.

ZayZoon has a SOC 2 Type II report. Our SOC 2 report attests to the controls we have in place governing the availability, confidentiality, and security of customer data as they map to Trust Service Principles (TSPs) established by the American Institute of Certified Public Accountants (AICPA). We are proud of the excellence of our controls and invite you to request a copy of our SOC 2 Type I report by contacting your ZayZoon representative.

Application Security

In-transit Encryption

Sessions between you and our application are protected with in-transit encryption using 2,048-bit or better keys and TLS 1.2 or above. Users with modern browsers will use TLS 1.2 or 1.3.

Web Application and network firewalls

ZayZoon monitors potential attacks with several tools, including a web application firewall and network-level firewalling. In addition, the ZayZoon platform contains Distributed Denial of Service (DDoS) prevention defenses to help protect your site and access to your products.

Software development lifecycle (SDLC) Security

ZayZoon implements static code analysis tools and human review processes in order to ensure consistent quality in our software development practices.

Datacenter Protections

Physical security

ZayZoon products are hosted with cloud infrastructure providers with SOC 2 Type II and ISO 27001 certifications, among others. The certified protections include dedicated security staff, strictly managed physical access control, and video surveillance.

Software Security

Patch management

ZayZoon's patch management process identifies and addresses missing patches within the product infrastructure. Server-level instrumentation ensures tracked software packages use the appropriate versions.

Security incident response

ZayZoon's security incident process flows and investigation data sources are pre-defined during recurring preparation activities and exercises and are refined through investigation follow-ups. We use standard incident response process structures to ensure that the right steps are taken at the right time.

Audits, Vulnerability Assessment & Penetration Testing

Vulnerability assessment

ZayZoon tests for potential vulnerabilities on a recurring basis. We run static code analysis and infrastructure vulnerability scans.

Penetration testing

ZayZoon leverages third-party penetration testing firms several times a year to test the ZayZoon products and product infrastructure.

External audit & certification

ZayZoon has obtained a SOC 2 Type II report attesting to the excellence of its controls in the domains of security, availability, and confidentiality. If you're interested in obtaining a copy of our SOC 2 report, please reach out to your ZayZoon representative. Our infrastructure providers maintain ISO 27001, SOC 2 Type II, and many other certifications (AWS) (GCP).

Questions?

Have any more questions about our security policies?