Roadmunk Security Policy
We take our customers’ security very seriously, and have extensive experience serving enterprise clients with complex security requirements. This page covers key elements of our security policy. For a detailed summary, please contact support.
ISO/IEC 27001 and ISO/IEC 27701 Certified, SOC 2 Attested
Tempo Software Inc., including Roadmunk as one of its products, is ISO/IEC 27001:2022 and 27701:2019 certified. This means that our information security and privacy management systems have been independently audited and certified to meet the highest international standards. These audits involved a rigorous review of our technology infrastructure and operational processes and represent our commitment to continuously improving how we secure our customers and their data.
We also have a team of experienced security and privacy professionals who continuously monitor and improve our security posture, as well as implement a comprehensive set of security and privacy controls, including risk management, access control, incident response, and many more.
In addition to ISO 27001 and 27701 certifications, we have also successfully completed a SOC 2 Type 1 audit. This audit assessed the security of the systems and services we provide to our customers. The successful completion of this audit demonstrates our commitment to providing our customers with the highest levels of security and compliance. Please see here for information on how to request a copy of the report.
We use world-class data centers
Roadmunk’s physical infrastructure is hosted and managed within Amazon’s secure data centers and leverages Amazon Web Services (AWS) and Amazon Elastic Compute Cloud (EC2) technology. The data is physically stored on servers in the United States, EU and Australia. Backups are completed every 20 minutes and kept for a period of 30 days.
Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
ISO/IEC 27001, ISO/IEC 27701, AND ISO 27017/8
SOC 1, SOC 2 and SOC 3 / SSAE 16/ISAE 3402
(Previously SAS 70 Type II)
PCI DSS Level 1
AWS also has given special attention in the USA and EU to comply with any new or changing regulations, such as:
Sarbanes-Oxley (SOX)HIPAASafe Harbour / Privacy ShieldFISMAFedRAMPDoD SRGEU Data Protection Directive (GDPR)A full list of Amazon’s certifications is available here.
Your password is stored securely
All user passwords are hashed. Hashing passwords means we don’t have access to the original passwords, nor does anyone else. So even if our database were compromised, everyone’s passwords would stay secure. We also provide Brute Force password protection. This robust security feature ensures that your account remains secure, protecting your users' sensitive information and providing peace of mind.
We do not store payment details
Roadmunk does not store or process payments. All payments go through our partner, Stripe, which is a leading global payments system that is PCI DSS compliant. Details about their security can be found here.
Secure transmission
All communication between Roadmunk servers and the client browser is secured using the industry standard Transport Layer Security (TLS). Only the most relevant and secure level of TLS is accepted by Roadmunk (currently 1.2). The connection is encrypted using AES-256 CBC with SHA256 for message authentication and ECDHE RSA as the key exchange mechanism.
Penetration and vulnerability testing
Roadmunk conducts annual third party penetration testings on its systems to validate and confirm that there are no technical vulnerabilities that may have been missed.
For documentation about Roadmunk policies, please consult our Terms of Use and Privacy Policy. Form more information about our security policy, message support or email support-rm@tempo.io.