Security
We operate a security program aligned with SOC 2 Trust Services Criteria, with controls across Security, Availability, and Confidentiality. Below is a summary of the core practices customers can expect when using RadX.
Governance & risk management
- Documented security policies, roles, and responsibilities
- Periodic risk assessments and control reviews
- Employee security awareness and role-based training
- Vendor due diligence and ongoing monitoring
Access control
- Least-privilege access and role-based authorization
- Multi-factor authentication where applicable
- SSO (SAML/OIDC) available on Enterprise
- Joiner–mover–leaver processes with periodic access reviews
Data protection
- Encryption for data in transit and at rest
- Data classification and minimal data collection practices
- Key management following industry best practices
- Customer data segregation and access logging
Secure development lifecycle
- Formal change management and peer code review
- Automated dependency and vulnerability scanning
- Secrets management and environment isolation
- Pre-production testing and quality gates
Monitoring & incident response
- Centralized logging, alerting, and audit trails
- Defined incident response procedures with regular exercises
- Vulnerability management and timely remediation
Business continuity
- Regular backups and restoration testing
- Disaster recovery planning and periodic drills
- Capacity planning and health monitoring
Customer & compliance
- Shared responsibility model and clear data ownership
- Data retention and deletion upon request
- Support for DPAs and security questionnaires
Need more details or a security questionnaire? Contact us.