Security and Compliance at ComboCurve

December 9, 2024

ComboCurve is committed to safeguarding your data through rigorous security measures. We leverage advanced encryption standards and proactively conduct quarterly vulnerability assessments – performing 4X the industry standard of required testing. We employ third-party SOC auditors and penetration testers to ensure that our internal security program meets and exceeds security program guidelines. Our focus is on keeping your data protected, compliant, and accessible to your authorized team members.


SOC 1 Type II and SOC 2 Type II Certified 

ComboCurve maintains both SOC 1 and SOC 2 Type II certifications to meet stringent industry standards. These certifications are validated through independent AICPA-certified auditors, ensuring compliance and fostering trust. SOC 2 focuses on protecting client data, while SOC 1 adds layers of control related to financial reporting. This approach is essential for clients who require the highest level of security for their data operations.

 

Full Data Encryption – AES-256 and TLS 1.2 or Higher 

Data security is embedded in ComboCurve’s architecture. We use AES-256 encryption for data at rest and TLS 1.2 or higher for data in transit. From the moment a user establishes a connection with our application, all data is fully encrypted to protect against unauthorized access. These measures ensure that sensitive information remains secure throughout every interaction with our platform, including API calls and integrations, effectively preventing data breaches from man-in-the-middle attacks and information leakage.

 

Robust Access Controls and SSO Support 

ComboCurve prioritizes secure access management with Single Sign-On (SSO) and multi-factor authentication. These controls enable clients to use their existing identity providers, streamlining user access while maintaining a high level of security. Additionally, our application allows behavior-based login monitoring that is already in place to detect anomalies, providing an added layer of protection.

 

Third-Party Penetration and Vulnerability Testing 

ComboCurve conducts quarterly penetration testing – exceeding the industry standard of annual checks required by SOC 2. We engage third-party firms to simulate potential threats, identifying vulnerabilities before they become risks. Beyond standard assessments, we conduct remediation testing to ensure any issues found are not only fixed but thoroughly validated. This extra layer of diligence reinforces the security of our platform.

 

Compliant with Industry-Leading Security Frameworks 

ComboCurve follows the ISO 27001 security framework to uphold international best practices. By adhering to these guidelines, we ensure rigorous measures to protect client data, even when formal certification isn’t a client requirement.

 

Client-Focused Security Compliance Portal 

To streamline compliance for clients, ComboCurve offers a customer compliance portal. This portal provides clients with access to the latest security audits and certifications, ensuring they have the documentation required for their own compliance needs. Clients are automatically notified whenever new audit reports or security updates are available, providing transparency and ease of access.

 

Internal Security Measures 

ComboCurve maintains a comprehensive internal security program with user training, phishing simulations, and proactive internal testing. These measures strengthen our team’s ability to counter threats, reinforcing the security of our platform, including all API interactions, to protect client data.

 

Cloud-Native Security 

As a cloud-native solution, ComboCurve employs scalable security, allowing us to deploy advanced security measures with just a few clicks. This provides significant advantages over traditional on-premise setups, which require extensive manual installations and hardware. By leveraging cloud infrastructure, we can offer enterprise-level security that is not only scalable but also more accessible and cost-effective for companies of all sizes. 

 
