Authentication and authorization
Spiral maintains strict role-based access control across all our internal and external systems. Access to all critical services requires SSO and multi-factor authentication.
Spiral conducts regular risk assessments to gain an accurate and thorough understanding of the potential risks to security, availability, and privacy in our products and services.
We engage with trusted third parties to complete network and application vulnerability scans at least once annually.
Spiral performs internal vulnerability scans continuously to identify, prioritize, and remediate potential system vulnerabilities.
Third-party risk management
Spiral implements third-party management policies and procedures. This helps us ensure protection of assets and data that are accessible by vendors, and to establish standards for information security and service delivery from vendors.
Spiral conducts background checks on all applicants selected for full-time employment.
All Spiral employees are required to complete security and compliance training annually.