Shared Responsibility
Decryption Group's Commitment to Data Security and Compliance
At Decryption Group, we understand the critical importance of securing and protecting your data. Through our Shared Responsibility program, we implement and offer a robust suite of security and compliance measures to our clients and partners, mirroring the industry's highest standards.
Compliance Frameworks and Certifications
SOC 2 Type 2 Compliance
We adhere to the System and Organization Controls 2 Type 2 (SOC 2) framework, developed by the American Institute of Certified Public Accountants (AICPA). This framework ensures that our services are secure and safeguard customer data across five Trust Services Categories (TSCs), emphasizing Security, Confidentiality, and Availability.
ISO 27001:2013 Certification
Our operations are certified under the ISO 27001:2013 standard, an internationally recognized benchmark for information security management. This certification demonstrates our commitment to a systematic approach in managing sensitive company and customer information.
GDPR Compliance
In alignment with the EU General Data Protection Regulation (GDPR) and the UK GDPR, we ensure the protection and lawful processing of personal data from the EU and the UK. Our commitment includes:
Maintaining appropriate technical and organizational security measures.
Promptly notifying customers of data breaches.
Imposing stringent data protection obligations on our sub-processors.
Facilitating data subjects' rights, including access, correction, and deletion requests.
Utilizing EU Standard Contractual Clauses and the UK Addendum for data transfer outside the EEA.
PCI DSS Compliance
While we do not store personal credit card information, we ensure secure transaction processing through third-party services adhering to the Payment Card Industry Data Security Standard (PCI DSS).
Infrastructure and Data Management
Global Infrastructure
Our cutting-edge deployment platform and network infrastructure leverage leading cloud services to offer a resilient and high-performance experience, with multiple regions and Anycast network capabilities for global reach.
Security Measures
We employ a comprehensive security strategy, encompassing both technology and procedures, to regulate access to production resources and manage cloud resources securely. Our infrastructure is designed for resilience, with cloud-native and third-party tooling for continuous security monitoring.
Data Residency
Clients have the option to choose their preferred data residency, with default serverless function locations in the U.S. and numerous global regions available for deployment, ensuring compliance with data sovereignty requirements.
Failover Strategies and Resiliency Testing
Our platform is built for high availability, with automatic traffic rerouting in case of regional outages and multi-region redundancy for critical functions. Regular resiliency testing ensures our readiness to meet recovery time objectives (RTO) and recovery point objectives (RPO).
Data Encryption and Backup
We encrypt all data at rest using AES-256 encryption and protect data in transit with HTTPS/TLS 1.3. Our backup strategy includes hourly data backups, stored globally for disaster resilience, and tested periodically for integrity.
Enterprise Infrastructure
For our enterprise clients, we offer dedicated build infrastructure, ensuring isolated and secure environments distinct from other account tiers.
Security Assessments
Our commitment to security extends to regular penetration testing and audit scans conducted by reputable third-party experts, complemented by daily code reviews and static analysis checks.
Through the Shared Responsibility program, Decryption Group pledges to maintain the highest standards of data security and compliance, offering peace of mind to our clients and partners in an ever-evolving digital landscape.