Book a call with one of our experts →
Learn about Staircase AI and why we exist.
Join the Staircase AI team.
We take security seriously. Learn more.
All the news and coverage about Staircase AI.
©2023 Staircase AI. All Rights Reserved.
Staircase AI manages data of customers around the world. We understand that our customers expect us to protect their data with the highest standards and are committed to providing them with a highly secure and reliable environment. Our security model and controls are based on international standards and industry best practices, such as OWASP Top 10.
Our systems are hosted on multiple Availability Zones at Amazon Web Services (AWS). This allows us to provide a reliable service and keeps your data available whenever you need it. This data center employs leading physical and environmental security measures, resulting in highly resilient infrastructure. For more information about its security practices, see below:
AWS security page
Staircase AI implements a security-oriented design in multiple layers, one of which is the application layer. The Staircase AI application is developed according to the OWASP Top 10 framework and all code is peer reviewed prior to deployment to production.
Our controlled CI/CD process includes static code analysis, vulnerability assessment, unit testing which addresses authorization aspects and more. Staircase AI developers go through periodic security training to keep them up-to-date with secure development best practices.
Another layer of security is the infrastructure. As stated, Staircase AI is hosted across multiple AWS Availability Zones. Furthermore, our infrastructure is protected using multiple layers of defense mechanisms, including:
Staircase AI encrypts all data both in transit and at rest:
Independent third party assessments are crucial in order to get an accurate, unbiased understanding of your security posture. Staircase AI conducts penetration tests on an annual basis both in the application and in the infrastructure level using well-known, independent auditors.
Additionally, Staircase AI is going through external auditing as part of the SOC2 Type II audit and other external audits.
Staircase AI is a cloud-based solution, with no part of our infrastructure retained on-premise. Our physical security in the offices include personal identification based access control, CCTV and alarm systems.
Staircase AI’s data centers are hosted on Amazon Web Services infrastructure, where leading physical security measures are employed.
Staircase AI is committed to providing continuous and uninterrupted service to all its customers. We consistently backup user data every day. All backups are encrypted.
Our Disaster Recovery Plan is tested at least once a year to assess its effectiveness and to keep the teams aligned with their responsibilities in case of a service interruption.
Staircase AI understands that its security is dependent on its employees. Therefore, all our employees undergo thorough information security awareness training during onboarding. Further security training is provided on an annual basis. Additionally, all employees must sign our Acceptable Use Policy.
We know the data you upload to Staircase AI is private and confidential. We regularly conduct user access reviews to ensure appropriate permissions are in place, in accordance with the least privilege principle. Employees have their access rights promptly modified upon change in employment.