At Scalytics, we understand that enterprise data is your most critical asset. Our Information Security Program is designed to secure your data at the edge, in the cloud, and on-premises. We adhere to stringent, globally recognized frameworks to ensure our infrastructure—and your AI agents—remain resilient, secure, and compliant.
ISO 27001 Alignment
Scalytics operates its Information Security Management System (ISMS) in strict accordance with the globally recognized ISO/IEC 27001 standard. Our infrastructure, risk management processes, and security controls are built on this framework, and we are actively working to undergo the formal external ISO 27001 certification process.
SOC 2 Alignment
Scalytics maintains a comprehensive Information Security Program designed in strict alignment with the Trust Services Criteria (Security, Availability, and Confidentiality) established by the American Institute of Certified Public Accountants (AICPA). Our internal controls, infrastructure design, and access management policies are built upon SOC 2 principles to ensure your data is handled with the highest standards of care as we progress toward formal external certification.
GDPR & EU Data Protection
With operations in both the United States and the European Union (Malta), privacy is built into our core architecture. We comply fully with the General Data Protection Regulation (GDPR), enforcing strict data minimization, granular access controls, and lawful data transfer mechanisms (including Standard Contractual Clauses).
HIPAA Readiness
For our healthcare and life sciences clients, Scalytics provides environments designed to meet the strict regulatory requirements of the Health Insurance Portability and Accountability Act (HIPAA). We support Business Associate Agreements (BAAs) and implement the necessary administrative, physical, and technical safeguards to protect Protected Health Information (PHI).
Encryption Everywhere
All customer data is protected using industry-standard encryption protocols.
Vulnerability Management & Penetration Testing
We perform continuous automated vulnerability scanning across our products and infrastructure. Additionally, independent third-party cybersecurity firms conduct comprehensive penetration testing at least annually to identify and remediate potential attack vectors before they can be exploited.
High Availability & Disaster Recovery (BDR)
Scalytics architectures, including our Kafka BDR solutions, are built for infinite scale and fault tolerance. We utilize immutable S3 backups, Point-in-Time Recovery (PITR), and active-active clustering to ensure your critical event streams are never lost.
Principle of Least Privilege
Access to production systems, cloud infrastructure, and sensitive data is strictly limited to authorized personnel who require it for their specific roles.
Authentication Controls
We enforce strong password policies, mandatory Multi-Factor Authentication (MFA), and Single Sign-On (SSO) across all internal and administrative environments.
Quarterly Access Reviews
User access rights are audited quarterly. Access is immediately revoked upon employee termination or role transfer.
Security Awareness Training
Security is everyone’s responsibility at Scalytics. All team members undergo mandatory security awareness and privacy training during onboarding, and annually thereafter. Topics include phishing mitigation, secure coding practices, and data handling protocols.
Background Checks & Confidentiality
All Scalytics employees and contractors are subject to comprehensive background checks (in accordance with local laws) and must sign strict Non-Disclosure and Confidentiality Agreements (NDAs) prior to accessing any company systems.
Vendor Risk Management
We hold our partners to the same high standards we hold ourselves. All third-party vendors and subprocessors undergo rigorous security and privacy assessments before being authorized to process any data on our behalf.
We believe in absolute transparency. If you require further details regarding our security posture, need to execute a BAA, or have identified a potential security vulnerability, please contact our dedicated security team.
Email: security@scalytics.io

