Trust & Security

Before a new employee joins our team, Platform28 verifies their education and employment history and performs internal and external reference checks. Where local labor law and legal regulations permit, we may also conduct criminal, credit, immigration, and security checks. The scope of these background checks depends on the position.

All new Platform28 employees undergo mandatory security training as part of the orientation process. They also receive ongoing security training in the course of their work. During onboarding, new employees agree to our Code of Conduct, which addresses our commitment to keeping customer information secure. Depending on their job role, additional training on specific security aspects may be required.

We have a dedicated risk and compliance manager on the team. They work in tandem with our executive leadership and subject matter experts to codify security procedures and best practices and ensure ongoing compliance.

Our operations team uses a set of monitoring alert rules to define critical security and availability standards for the production environments of all our services. The team also employs third-party and internally developed monitoring and analysis tools to closely monitor any unusual activity.

We are currently in the process of obtaining the following security certifications for all Platform28 services:

• Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is a proprietary information security standard administered by the PCI
• PCI Security Standards Council.

System and Organization Control (SOC) 2 — This certification validates Platform28’s physical and environmental safeguards for production data centers, backup and recovery procedures, software development processes, and logical security controls.

We encrypt data-at-rest using 256-bit Advanced Encryption Standard (AES-256) at a storage layer and application-level encryption to meet relevant PCI, SOC, and ISO security requirements.