All datastores containing customer data, including S3 buckets, employ encryption at rest. Additionally, sensitive collections and tables utilize row-level encryption. This ensures that data is encrypted before it reaches the database, so that neither physical nor logical access to the database is enough on its own to read it.
Responsive employs TLS 1.2 or higher for all data transmission across potentially insecure networks. Additionally, we leverage features like HSTS (HTTP Strict Transport Security) to enhance the security of our data during transit. AWS manages our server TLS keys and certificates, deploying them via Application Load Balancers.
AWS Key Management Service (KMS) manages our encryption keys. These keys are securely stored within Hardware Security Modules (HSMs), so that no individual, including Amazon and Vanta employees, can access them directly. The keys stored in HSMs are used for encryption and decryption via Amazon’s KMS APIs.
Furthermore, application secrets are encrypted and securely stored using AWS Secrets Manager and Parameter Store. Access to these values is meticulously controlled.
Responsive engages a top-tier penetration testing consulting firm on an annual basis. Our current preferred partner for penetration testing is Doyensec, a renowned authority in GraphQL security.
These assessments cover all aspects of the Vanta product and cloud infrastructure, with testers having full access to the source code to ensure comprehensive effectiveness and coverage.