Security
Organizational Security
Scout Monitoring maintains an Information Security Program that is communicated throughout the organization following SOC 2 Framework criteria. We conduct independent third-party security assessments and perform penetration testing annually.
The organization implements defined security roles and mandatory employee security awareness training, and requires confidentiality agreements and background checks for all team members.
Cloud Security
Scout uses Amazon Web Services (AWS) for hosting, with all databases located in the United States. We implement:
- Encryption at rest for all databases
- TLS/SSL encryption for data in transit
- Vulnerability scanning and threat monitoring
- Active logging of cloud services
- Backup and disaster recovery procedures through AWS
- Formal incident response procedures
Access Security
We enforce Single Sign-on (SSO), 2-factor authentication (2FA), and strong password policies where available. Additional controls include:
- Least privilege access principles
- Quarterly access reviews
- Mandatory password complexity requirements
- Password manager usage on company devices
Vendor and Risk Management
Scout performs annual risk assessments and conducts vendor reviews before authorizing new vendors.
Contact
Security inquiries should be directed to security@scoutapm.com.