Security Policy

Security at Archetype Consulting

Security is a fundamental part of our organization and services. We take security very seriously and ensuring the safety of our customers' data is a top priority and have implemented numerous technical and operational measures to secure their data.

Archetype is SOC 2 Type II compliant through the AICPA. SOC 2 is an auditing process and compliance standard that measures security and availability, providing assurance to customers that their data is being managed in a controlled and audited environment. This compliance confirms that Archetype's information security practices, policies, procedures, and operations meet the SOC 2 standards for security.

Each year, our company works with independent and AICPA-accredited auditors to maintain SOC 2 compliance. This requires annual audits to ensure our practices and procedures comply with the strongest standards in the industry. The audits objectively certify our controls to ensure the continuous security, availability, confidentiality, and integrity of our customers' data.

The certification and report can be provided upon request

Data Security

Archetype Consulting encrypts data at rest and in transit for all of our customers. We use tools like Amazon Web Service’s Key Management System (KMS) to manage encryption keys using various security modules for maximum security in line with industry best practices.

Application Security

We regularly engage some of the industry’s best security experts for third-party penetration tests and security assessments on infrastructure and solutions that we build and operate. Also, our security experts always evaluate the source code, running application, and the deployed environment. Archetype Consulting uses high-quality static analysis tooling and vulnerability scanners to secure solutions and systems at every step of the development process.

Infrastructure Security

We use Amazon Web Services, Microsoft Azure and Google Cloud Platform for our infrastructure to host and provide solutions. We also make full use of the security products embedded within the AWS, Azure and GCP ecosystem, including KMS, GuardDuty, Inspector, strict firewall rules and etc. In addition, we deploy our solutions using containers run on AWS managed services, meaning we typically do not manage servers or EC2 instances in production.

Best Security Practices

Our employees are trained to handle customer data with care through annual security awareness training. Access to data is granted on a principle of least privilege. Single sign-on support, password controls, and two-factor authentication are in place to comply with various compliance requirements.

Archetype continuously monitors and improves its solutions to meet and exceed the latest best practices in security and controls, including Cloud Security Best Practices, CIS Benchmarks, OWASP Best Practices, NIST SP Guidelines, and more.

Additionally, Archetype uses Vanta for automated compliance monitoring, to ensure adherence to a standard set of common SOC 2 controls and for continuous, proactive monitoring of our security and compliance posture.

Last Updated: January 27, 2023.