Turbot Security

Ensuring our product meets the robust data security needs of our customers is a top priority at Turbot; it is vital that our customers have confidence in the security of our solutions. Our goal is to continually earn our customers' trust. We do this by leveraging industry-standard security solutions and best practices. We continuously iterate on our processes and product, adopting the latest security features to stay ahead of ever-changing security best practices and enterprise customer requirements. Our commitment to meet and exceed the data security, privacy and compliance needs of our customers is core to our business and a shared value across our employees. If you have any security, compliance or privacy questions, please contact us at security@turbot.com.

Service Organization Control (SOC)

A SOC audit is a deep external audit that closely examines our company's information systems, processes and policies for managing services to ensure they meet the five principles of trust established by the American Institute of CPAs (AICPA): security, availability, processing integrity, confidentiality, and privacy. SOC certification is awarded to businesses that demonstrate their ability to meet the institute's high standards in each of those categories, as audited by an AICPA-certified third-party auditor. Our auditors perform our SOC audits annually each April. The auditors then prepare their audit report, which is released each May. To request a copy of Turbot's SOC 1 and SOC 2 reports, which are provided under NDA, please contact your Account Lead or email security+soc@turbot.com.

SOC 1 Type 2

For Turbot Cloud and Steampipe Cloud, Turbot has completed a SOC 1 Type II report to validate our process and controls around financial reporting.

SOC 2 Type 2

For Turbot Cloud and Steampipe Cloud, Turbot has completed a SOC 2 Type II report to validate our information security system controls.

SOC 3

Turbot maintains a SOC 3 report, which is the public, summarized version of the SOC 2 report. You can download the latest report here.

Center for Internet Security (CIS) Benchmark Certification

Turbot has been recognized as a Center for Internet Security (CIS) SecureSuite member, receiving a CIS Benchmark Certification for our Turbot Cloud and Turbot Enterprise software. Turbot obtained our CIS Benchmark Certification by using our own software to prove the requirements for the Certification.

General Data Protection Regulation (GDPR)

We firmly support GDPR in both practice and philosophy. We work with our customers in the European Economic Area to assure compliance with personal data handling requirements and cross-border transfer requirements under GDPR guidelines. As a processor, we process data on behalf of our customers. We expect that some of our customers will require us to enter into a data processing addendum ("DPA"), per Article 28 of GDPR. Turbot uses several subprocessors, but the majority of our obligations hinge on our primary subprocessors: Amazon Web Services (AWS) and Google Cloud Platform (GCP). More information is in our privacy policy.

California Consumer Privacy Act (CCPA)

Turbot will support any removal request from any state/country as long as it is valid and made by a qualified party. Please email us at privacy@turbot.com for any requests.

Privacy Shield

Turbot complies with the EU-US and Swiss-US Privacy Shield frameworks as set forth by the US Department of Commerce with respect to the collection, use, and retention of personal data transferred from the European Union, the United Kingdom, Switzerland, and the United States. Turbot has certified with the Department of Commerce that we adhere to the Privacy Shield principles. For more information about the Privacy Shield program, and to view Turbot's Privacy Shield certification, please review our privacy policy and visit Privacy Shield Active Participant - Turbot.
