At Cambio, security and compliance principles guide our product delivery from start to finish.
Guiding Principles
Principle of least privilege: Employees and systems are granted the minimum access necessary to perform their required tasks.
Secure development: We prioritize security throughout the development lifecycle of our systems and applications. We follow best practices and conduct regular security assessments and testing to identify and address vulnerabilities.
Continuous improvement: We are dedicated to continuously improving our security practices. We stay updated with the latest security technologies and best practices to adapt and enhance our security measures as needed.
Data Protection
Data is encrypted at rest. All datastores containing customer data are encrypted at rest.
Data is encrypted in transit. Cambio uses TLS 1.2 to encrypt data in transit.
Encryption keys and application secrets are managed using secure, industry-standard key and secrets management services, such as AWS Key Management Service (KMS) and AWS Secrets Manager.
Secure Hosting
All of Cambio's environments are backed by AWS security measures. AWS provides a highly secure and reliable infrastructure for hosting web services.
Cambio is leveraging AWS Identity and Access Management (IAM) to restrict access based on roles and responsibilities, minimizing the risk of unauthorized access.
AWS maintains a robust compliance program, adhering to various industry standards and regulations. They have achieved certifications like ISO 27001, PCI DSS, and SOC 2, demonstrating their commitment to security and data protection.
Product Security
Cambio requires vulnerability scanning of all production services.
Software development is conducted in line with OWASP Top 10 recommendations for web application security.
SOC 2 Type II
Cambio is SOC 2 Type II compliant.
This achievement indicates that our handling and processing of customers’ data meets key security standards. The protection of customer data is the highest priority for our team and we’re committed to building a robust security & compliance program.
We partnered with Vanta & Advantage Partners to seamlessly guide us through the compliance process.
Customers can request access to the audit report.
Internal Policies and Training
Cambio provides security training to all employees upon onboarding as well as annually.
Cambio ensures all employees accept and review Cambio's comprehensive security policies upon onboarding.