Security has always been at the heart of what we do. Developing technologies that help our customers improve their operations while enhancing their compliance posture starts with our own dedication to policies and controls in our own development processes.
Governance
Actall’s Leadership Team establishes policies and controls, monitor compliance with those controls, and prove our security and compliance to our clients, partners and community. Our policies are based upon the following principles:
Strategic
Access should be limited to only those with a legitimate business need and granted based on the principle of least privilege.
Consistent
Security controls should be applied consistently across all areas of the enterprise.
Principled
Security controls should be implemented and layered according to the principle of defense-in-depth.
Continuous
The implementation of controls should be iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.
You can access our Security Compliance status via our TRUST CENTER
Data Protection
Data at Rest
Digital datastores with customer data are encrypted at rest. Most of our data is stored via third-party cloud services. We require SOC2 certification (at a minimum) for all operational vendors. Non-digital customer information is physically segregated and inventoried on a regular basis.
Data in Transit
Actall does not currently offer any cloud products that engage or contain customer data or Personally Identifiable Information. ATLAS RTLS networks are implemented 100% on premises and use LoRaWAN to transport wirelessly between end devices and the Hubsens locating engine appliance. LoRaWAN security implements end-to-end encryption for application payloads.
Enterprise Security
Endpoint Protection
All corporate devices are centrally managed and are equipped with mobile device management software and anti-malware protection. Endpoint security alerts are monitored with 24/7/365 coverage. We use MDM software to enforce secure configuration of endpoints, such as disk encryption, screen lock configuration, and software updates.
Secure Remote Access
Actall uses WatchGuard SSLVPN, implemented and monitored by Savant CTS for remote access to internal resources. DNSWatch is deployed by WatchGuard. This helps protect against malicious DNS connections and phishing attacks.
Security Education
Actall provides security training to all employees upon onboarding and annually through educational modules accessed via our compliance vendor, Vanta. In addition, all new employees attend a mandatory live onboarding session centered around key security principles. All new team members in Engineering also attend a mandatory live onboarding session focused on secure coding principles and practices. Actall leadership shares regular threat briefings with employees to inform them of important security and safety-related updates that require special attention or action.
Identity and Access Management
Actall uses Google Workspace to secure our identity and access management. We enforce the use of phishing-resistant authentication factors, using third party authenticators exclusively wherever possible. Actall employees are granted access to applications based on their role, and automatically de-provisioned upon termination of their employment. Further access must be approved according to the policies set for each application.