When connecting to customers’ environments, we use least-privilege access, scoped to only what’s needed to satisfy the control.
Tonic.ai restricts employee access using the principle of least privilege, ensuring that employees only have access to what they need to perform their specific roles.
Tonic.ai uses an independent auditor to maintain a SOC 2 report, ensuring adherence to industry standards for security and privacy.
Tonic.ai completes annual third-party static code analysis and manual penetration tests by a qualified assessor.
Tonic.ai uses a combination of manual testing, automatic unit and integration tests, and security scanning as part of every release.
Tonic.ai uses multiple logging and monitoring tools to ensure that the software we build and deploy is free of defects and configured securely.
Tonic.ai employs staff with industry knowledge and experience in secure infrastructure, application management, risk, and operations.
Tonic.ai uses centrally managed endpoint management solutions to ensure that all employee and BYOD devices are configured securely, receive proper updates, and remain compliant with Tonic requirements while in use.
Our annual security training covers security hygiene, phishing, data protection, new threats that employees may encounter, and general best practices.
If you believe you’ve found something in a Tonic.ai product that has security implications, please email your findings to firstname.lastname@example.org. If you would like to report these over a secure channel, please send us an email, and we can provide a PGP key or other secure form of communication.
For more information about our security processes, please visit our Trust Center or reach out to email@example.com.