Security and Privacy

At Cambio, security and compliance principles guide our product delivery from start to finish.

Guiding Principles

• Principle of least privilege: Employees and systems are granted minimum access necessary to perform their required tasks.
• Secure development: We prioritize security throughout the development lifecycle of our systems and applications. We follow best practices and conduct regular security assessments and testing to identify and address vulnerabilities.
• Continuous improvement: We are dedicated to continuously improving our security practices. We stay updated with the latest security technologies, and best practices to adapt and enhance our security measures as needed.

Data Protection

• Data is encrypted at rest. All datastores containing customer data are encrypted at rest.
• Data is encrypted in transit. Cambio uses TLS 1.2 to encrypt data in transit.
• Encryption keys are managed via AWS Key Management System (KMS) and secrets all are managed in AWS Secrets Manager.

Secure Hosting

• All of Cambio's environments are backed by AWS security measures. AWS provides a highly secure and reliable infrastructure for hosting web services.
• Cambio is leveraging AWS Identity and Access Management (IAM) to restrict access based on roles and responsibilities, minimizing the risk of unauthorized access.
• AWS maintains a robust compliance program, adhering to various industry standards and regulations. They have achieved certifications like ISO 27001, PCI DSS, and SOC 2, demonstrating their commitment to security and data protection.

Product Security

• Cambio requires vulnerability scanning of all production services.

• Software development is conducted in line with OWASP Top 10 recommendations for web application security.

SOC 2 Type 1

• Cambio is SOC 2 Type 1 compliant.
• This achievement indicates that our handling and processing of customers’ data meets key security standards. The protection of customer data is the highest priority for our team and we’re committed to building a robust security & compliance program.
• We partnered with Vanta & Advantage Partners to seamlessly guide us through the compliance process.
  
• Customers can request access to the audit report
  

Internal Policies and Training

• Cambio provides security training to all employees upon onboarding as well as annually.
• Cambio ensures all employees accept and review Cambio's comprehensive security policies upon onboarding.