Your Security is Our Topmost Priority

Writesonic ensures continuous monitoring and enhancement of security controls, referencing industry best practices and conformity with established security principles like the AICPA Trust Services Principles.

Writesonic engages reputable third parties to conduct independent assessments, including SOC 2 reports, to validate the effectiveness of security measures and maintain transparency with stakeholders about security compliance.

Writesonic performs annual network and application penetration tests through an independent security firm. Resolve issues promptly and keep leadership informed on the status of the security landscape.

Writesonic implements least privilege and role-based access controls, review user access semi-annually, and ensure that Multi-Factor Authentication (MFA) is required for accessing sensitive infrastructure and systems.

Writesonic utilizes robust cloud hosting providers like AWS, GCP, and Microsoft Azure to store and manage data, ensuring that all instances are hardened and employ serverless architectures for high service availability.

Writesonic encrypts all customer data in transit and at rest using strong encryption methods such as TLS 1.2+ with AES256 for data in transit, and AES256 for data at rest, while safely managing encryption keys with limited access.

Writesonic provides employees with managed workstations equipped with disk encryption and anti-malware protection, and enforces policies for automatic updates and idle lockout.

Writesonic applies centralized logging for all production systems to detect and respond to potential compromises. Ensuring that security incident responses are tracked to resolution by a robust incident response plan.

Writesonic utilizes firewalls configured to deny unsolicited incoming traffic, perform annual reviews, and leverage additional security layers like IDS, WAF, and CDN to protect against advanced threats.

Writesonic mandates comprehensive security awareness training for all employees upon hire and annually thereafter. Enforces policies that include the completion of background checks and the signing of confidentiality agreements.

Writesonic embraces a secure software development lifecycle (SDLC), including code review and automated testing. Regularly update and maintain code management processes to swiftly address vulnerabilities and apply necessary enhancements.

Writesonic carefully evaluates third-party service providers to ensure that they adhere to security requirements that match the company’s standards to protect processed data.