Trust Center

Enterprise-grade security practices for every engagement. We protect your data with the same rigor we apply to finding your vulnerabilities.

Security Practices

  • Assessment data encrypted at rest (AES-256) and in transit (TLS 1.3)
  • Data retained per engagement contract terms, securely deleted upon completion
  • Dedicated assessment environments isolated per client
  • No customer data leaves the assessment environment
  • Air-gapped assessment option available for sensitive environments

Framework Alignment

  • NIST PQC Standards (FIPS 203/204/205 — ML-KEM, ML-DSA, SLH-DSA)
  • NIST SP 800-57 Key Management, FIPS 140-3 Cryptographic Modules
  • SOC 2 Type II controls alignment
  • ISO 27001 Information Security Management
  • CMMC Level 2 mapped controls for defense supply chain
  • PCI-DSS 4.0 cryptographic assessment requirements

Personnel Security

  • Background-checked assessment teams
  • NDA-bound personnel on every engagement
  • Team members with prior security clearances (NSA, CIA, DIA, Air Force)
  • Continuous security awareness training
  • Segregation of duties across assessment phases

Assessment Methodology

  • Standards-based: NIST SP 800-57, FIPS 140-3, NIST IR 8547
  • CVSS 3.1 vulnerability scoring with quantum-specific extensions
  • Automated cryptographic inventory (53 detection modules)
  • Manual expert validation of all critical/high findings
  • Reproducible results with documented evidence chains

Data Handling

  • Assessment artifacts stored in encrypted, access-controlled repositories
  • Client data never used for training, marketing, or secondary purposes
  • Data residency: US-only option available
  • Secure deletion certificates provided upon engagement close
  • Incident response: 24-hour notification for any data security events

Available on Request

  • SOC 2 Type II report (under mutual NDA)
  • Penetration test summary for Qryptonic infrastructure
  • Completed security questionnaire (SIG Lite, CAIQ, custom)
  • Sample Master Services Agreement (MSA)
  • Sample Statement of Work (SOW)
  • Certificate of Insurance

Need Compliance Documentation?

SOC 2 reports, security questionnaire responses, and sample agreements available under mutual NDA during engagement scoping.
