Security
Secure platform, infrastructure and data.
Your data is sensitive. We are constantly improving our security, compliance and audit initiatives with your trust in mind.
Compliance
We comply with global privacy laws & security standards.
SOC 2 Type II Certified
Patch’s SOC 2 Type II report includes the trust services categories of Security, Confidentiality, and Availability, and is audited annually.
HIPAA Compliance
Patch is certified to securely handle healthcare and related data.
GDPR Compliance
Patch complies with the EU's GDPR, including prompt data deletion upon request.
CCPA Compliance
Patch ensures policies, processes, and controls comply with CCPA requirements.
Data & Infrastructure Security
Secure-by-design, Patch is built to protect your most sensitive data.
Secure infrastructure provider
We host all of our data in physically secure, U.S.-based leading cloud provider facilities that include 24/7 on-site security, camera surveillance, and more.
Strict access controls
Access to all Patch systems is managed through our identity provider, which automates user provisioning, enforces passwordless MFA, and logs all activity.
Server security & monitoring
All servers are configured using documented security guidelines, and images managed centrally. Changes to the company’s infrastructure are tracked, and security events logged appropriately.
Personnel Security
Employees are vetted & trained on security practices.
Formal security policies & incident response plan.
Patch maintains a set of comprehensive security polices that are kept up-to-date to meet the changing security environment. These materials are made available to all employees during training and through the company’s knowledge base.
Continuous security training.
Patch provides continuous education on emerging security threats, performs phishing awareness campaigns, and communicates with employees regularly.
Application Security
Development practices have security & quality checks built-in.
Development & change management
Code development is done through a documented SDLC process and tracked via GitHub. Automated controls ensure changes are peer-reviewed and pass a series of tests before being deployed.
Third-party vendor security review process
Through a comprehensive review process, we ensure that all of our third-party apps and providers meet our security data protection standards before using them.
