Information Security at Arctic Wolf
We Obsess Over Data Protection
Protection of customer information is a crucial element of our business model. It is integrated into our culture in the form of policy and procedure formalizations and supporting controls. We architect our product/service delivery environment and support systems using secure cloud-computing models. To ensure our secure architecture operates according to performance and security specifications, we have implemented an Information Security Program using the ISO/IEC 27001/27002 and AICPA’s Trust Services Principles as our security frameworks.
How We Protect Your Data
To achieve our commitment to our security and privacy principles, Arctic Wolf has implemented the following:
- We continuously review our security & privacy measures to ensure any customer data we collect and process on our systems is adequately protected.
- We train our employees on security and privacy practices (1) upon hire, (2) continuously during their employment, and (3) annually.
- Our third-party vendor contracts contain terms to ensure the vendors processing customer data have adequate data protection and privacy controls.
- We have integrated our security & privacy controls into our organizational standard operating procedures.
- We use our own Managed Detection and Response solution for detecting and responding to threats within our environment. We use our Managed Risk solution to determine end-point vulnerabilities and manage and prioritize patching to reduce cyber-risk exposure.
- Our comprehensive organization wide Information Security Management program takes a risk-based approach to implementing defense-in-depth security controls. Some of the key security controls include:
- Maintenance of Information Security Policies
- Background checks for Arctic Wolf employees to the extent permitted by law
- Mandatory new hire, continuous and annual security awareness training
- Vendor security & privacy risk management processes
- Information classification, handling, & retention processes
- Use of Arctic Wolf’s Managed Detection and Response and Managed Risk solutions in its own environments
- Limiting access to customer data based on least privilege principles
- Ongoing management of workers’ access to customer data
- Endpoint Protection for Arctic Wolf managed devices
- Network Security
- Change management processes
- Patch Management for End Points
- Secure Software Development Lifecycle processes
- Business Continuity and Disaster Recovery processes
- Information Security Incident Response processes