Privacy & Security
ZeroTek works hard to protect your data, privacy, and trust.
SOC 2 Type 1 Compliant
As part of our commitment to protect customer data, ZeroTek has achieved SOC2 Type 1 compliance. SOC 2 (System and Organization Controls) refers to a suite of reports used during an audit to determine whether an organization’s systems and specified controls meet relevant trust principles.
To request a copy of our SOC 2 Type 1 report or to report a security concern, email us at support@zerotek.com.
Our commitment to security
Infrastructure
ZeroTek uses Microsoft Azure as its primary cloud-computing platform. With its multi-layered security, global infrastructure, and largest compliance coverage in the industry, Azure provides the data security, scalability, and availability essential to ZeroTek’s MSP platform and delivery services.
We use industry-recognized practices to secure our infrastructure, and only a minimum number of carefully vetted professionals can access our infrastructure to perform administrative and maintenance activities.
Architecture
ZeroTek’s service architecture employs defense-in-depth and zero-trust principles so that the information we process and exchange remains confidential. We deploy encryption to secure all data in transit or at rest. To guarantee system integrity, we benchmark our configurations against industry standards and practices. ZeroTek engages in regular pen testing and vulnerability scans with third parties.
Data Security
ZeroTek uses logical isolation to separate tenant data in our multi-tenant environment. We use account authentication, session management controls, logical database field separation, and distinct encryption keys to restrict customer access to the data associated with their organization. Each day we take snapshots of our database and system configuration. Backups and production environments employ the same protections.
Access Management
ZeroTek leverages Okta’s best defense mechanisms, which ensure a zero-trust model and require authentication and identity confirmation at every point in time. Management reviews each user’s access to systems and data regularly to remove all access that is no longer required. We remove all access upon termination of employment.
Operations
ZeroTek monitors all services, events, and activity patterns for performance and any malicious or suspicious activity.
Privacy Policy
In the interest of transparency, ZeroTek maintains a robust, published Privacy Policy outlining our collection and use of personal information via our webiste, and provision of our services.