Security
HowGood follows leading InfoSec standards and is both AICPA SOC 2 Type II compliant and ISO 27001:2022 certified. HowGood's InfoSec Standards are based on:
footprints delivered
InfoSec is Core to Our Business
Protecting our customer’s data and rigorous security practices are a top priority for HowGood
Data Security
HowGood encrypts data at rest and in transit for all of our customers. We use the highest security protocols and latest ciphers for TLS/SSL encryption, automatic key rotation, hardware keys, etc. In addition we utilize advanced monitoring, and system log management controls for continuous 24/7 monitoring of all infrastructure, and application resources.
Application Security
We use industry best practices for application development security, and some of the most advanced security controls for codebase security, vulnerability scanning, and patch management. HowGood regularly engages some of the industry’s best application security experts for third-party penetration tests.
Infrastructure Security
HowGood uses state of the art, next-gen security controls to monitor, and protect our infrastructure, and running applications.
Secure Policies
We have dedicated security resources, and policies adhering to some of the most rigid secure frameworks. We perform regular Risk Assessments, 3rd party Vendor Risk Management, and periodic assessments, and improvements of all of our security contols.