Your Data. Our Responsibility.

When you choose to trust us with your data, we take that responsibility seriously.
We invest in the people, processes, and technology to keep your data secure.

Our Infrastructure & Processes. Secure & Audited.

SOC 2 Type I & II

Securing Our People

As pioneers of modern security awareness training, it should be no surprise that ongoing security awareness focused on the latest threats is a priority within Cofense. Our expectations around engagement and understanding are very high.

To ensure appropriate levels of security and privacy for your data, we enforce the principle of least privilege to strictly limit which personnel have access to our production infrastructure. We were the first organization in our sector to appoint a Chief Privacy Officer, who reports directly to our CEO.

Securing our Development Lifecycle

Cofense solutions are developed in-house and follow best practices of SDLC lifecycles including versioning, code review, and testing. We require our developers to have mandatory secure software development training with focus on OWASP Top Ten. All source code developed by Cofense is subject to peer review and is automatically scanned for security issues. We work with third parties to perform risk assessments including vulnerability assessments and penetration tests on a regular basis.

Securing Your Data

We employ multiple layers of security to protect customer data. All customer database-resident Cofense application data is encrypted at rest using the industry-accepted AES-256 encryption algorithm. Data in transit between customers and Cofense applications is TLS-encrypted, using HTTPS.