Security Policy

Security at Archetype Consulting

Security is a fundamental part of our organization and services. We take it seriously, and keeping customers’ data safe is a top priority.

Archetype is in the process of acquiring a SOC 2 Type 2 certification, which requires undergoing annual audits to ensure our practices and procedures comply with the strongest standards in the industry. Compliance with SOC 2 Type 2 has already been achieved, and we are currently undergoing the audit observation period with independent auditors. The certification and report will be available upon request starting late December.

Data Security

Archetype Consulting encrypts data at rest and in transit for all of our customers. We use tools like Amazon Web Services’ Key Management Service (KMS) to manage encryption keys using various security modules for maximum security in line with industry best practices.

Application Security

We regularly engage some of the industry’s best security experts for third-party penetration tests and security assessments on the infrastructure and solutions that we build and operate. Our security experts also always evaluate the source code, the running application, and the deployed environment. Archetype Consulting uses high-quality static analysis tooling and vulnerability scanners to secure solutions and systems at every step of the development process.

Infrastructure Security

We use Amazon Web Services, Microsoft Azure and Google Cloud Platform for our infrastructure to host and provide solutions. We also make full use of the security products embedded within the AWS, Azure and GCP ecosystems, including KMS, GuardDuty, Inspector, and strict firewall rules, among others. In addition, we deploy our solutions using containers run on AWS managed services, meaning we typically do not manage servers or EC2 instances in production.

Best Security Practices

Our employees are trained to treat customer data with care through annual security awareness training. Permissions are granted on the principle of least privilege. SSO support, password controls, and two-factor authentication are in place in accordance with various compliance requirements.