At Invicti, security is the cornerstone of our company culture. Invicti offers vulnerability assessment and management products, and its internal focus is to align with global security standards. To accomplish this task, Invicti has taken four primary steps.
- We have a rigorous training program in place for new hires that starts the moment they step into the company. They receive training on security, compliance, and governance-related matters as well as on the delivery of security-related resources.
- Invicti’s access controls are strict, and all development, staging, and production environments are completely separated. All customer data, including backups, is kept encrypted at rest and in transit (SSL certification, AES-256, and TLS 1.2).
- Invicti has security tools and services in its environments, such as SOC as a service and SIEM tools for collecting internal logs and event data. Invicti utilizes Amazon Web Services (AWS) as its cloud provider. In addition, Invicti utilizes AWS Shield for comprehensive protection against all known infrastructure (Layer 3 and 4) attacks, AWS Key Management Service (KMS) for key management, and AWS WAF as a web application firewall that helps protect Invicti’s web applications and APIs against common web exploits.
- Invicti utilizes a static code analysis tool to control each update and change in development. Additionally, request, patch, and change management processes are followed using industry-leading products. Application penetration tests are conducted twice a year by independent third parties. Invicti is consistently awarded excellent ratings with zero findings.
In summary, with each of these security measures and as further detailed in this profile, Invicti takes active ownership of and interest in its internal security practices both because of our internal commitment to security and because it is our business.