Security & Compliance
How Zentori protects your data: the infrastructure, encryption, monitoring, and the policies and people behind them.
- SOC 2 Type II
- ISO 27001
- FedRAMP
- PCI-DSS
- HIPAA
A layered approach to protecting your data
Security is built into every layer of how Zentori operates, from the cloud infrastructure that hosts your data to the people trusted to run it. No single control stands alone; each layer reinforces the next.
- Layer 01
Cloud Infrastructure
Hosted on Azure, leveraging built-in security controls.
- Layer 02
Data Storage & Processing
Encryption, access controls, and secure data retention policies.
- Layer 03
Access & Security Controls
Identity management, monitoring, and compliance enforcement.
- Layer 04
Personnel Security
Employee background checks, security training, and access management.
Zentori follows the GDPR framework, ensuring user rights, data minimization, and lawful processing. We offer Data Processing Agreements (DPA) and support compliant cross-border data transfers.
Cloud Infrastructure
Secure, scalable, and compliant cloud infrastructure built on Azure.
- Data Hosting
- Zentori's infrastructure runs on Azure, certified for SOC 2, ISO 27001, FedRAMP, PCI-DSS, HIPAA, and other global security standards.
- Data Segregation
- Customer data is isolated with unique IDs to prevent unauthorized access. The API enforces this through authentication in access tokens.
- Physical & Environmental Security
- Zentori personnel have no physical access to Azure data centers, which have 24/7 surveillance, biometric controls, redundancy, and audits.
- Access Control
- Production access is restricted by default, granted only when needed with least-privilege, time-limited permissions via Teleport and approval.
- Monitoring
- Zentori uses Grafana to monitor cloud operations. System failures trigger alerts, notifying key personnel for immediate response and resolution.
- Vendor Risk Management
- All vendors are assessed for security, privacy, and compliance. Those handling sensitive data must meet SOC 2.
Cloud Security
Advanced threat detection and prevention with continuous monitoring.
- Network Vulnerability Scanning
- Zentori performs continuous vulnerability scans on all infrastructure components. Identified vulnerabilities are triaged and remediated based on severity.
- Intrusion Detection & Prevention
- Zentori monitors for unauthorized access using traffic monitoring, anomaly detection, and threat intelligence.
- Logical Access Controls
- Access to production systems is role-based (RBAC), requiring SSO and continuous monitoring. Access modifications require documented approval.
Data Encryption
Strong encryption protecting your data at rest and in transit.
- Data in Transit
- Zentori enforces TLS 1.2+ encryption for all data transmitted over public and private networks.
- Data at Rest
- All stored data is encrypted using AES-256 and follows key rotation policies to maintain security.
- Key Management
- Zentori uses Azure Key Vault for key management, with logging and access controls.
Availability & Continuity
High-availability infrastructure with comprehensive backup and disaster recovery.
- Redundancy
- Zentori's infrastructure is designed for high availability, leveraging multi-region failover and automated scaling.
- Backup Management
- Zentori performs daily encrypted backups stored across multiple availability zones, with automated integrity validation.
- Business Continuity & Disaster Recovery
- Zentori has a BCDR plan with annual disaster recovery tests and predefined restoration protocols to ensure resilience.
Application & Platform Security
Secure development practices and comprehensive vulnerability management.
- Secure Development Lifecycle (SDLC)
- Zentori follows a secure development lifecycle with security testing, code reviews, dependency monitoring, and developer security training.
- Vulnerability Management
- Zentori scans for vulnerabilities, patching per SLA: critical 7 days, high 30, medium 60, low 90.
Human Resources & Endpoint Security
Comprehensive security policies and personnel management practices.
- Background Checks
- Zentori conducts reference checks for all employees before onboarding.
- Confidentiality Agreements
- All employees and contractors sign non-disclosure agreements (NDA) upon hire.
- Policies
- Zentori maintains a security policy framework, reviewed annually and enforced company-wide. Employees are required to acknowledge and comply with these policies each year.
Questions about our security?
For security questions, to request our compliance documentation, or to report a vulnerability, reach our team directly.
Attn: Data Protection Officer
6th Floor, Meydan Grandstand
Nad Al Sheba, Meydan Road
Dubai, United Arab Emirates