/*button css */

Governance and Security

At LōD  we are committed to upholding the highest security standards, reflected in our SOC 2 Type II compliance across all five trust service criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. Our Security and Privacy teams ensure that policies and controls are continuously monitored, audited, and improved to maintain the integrity and security of our systems.

SECURITY - SOC2 TYPE2 - SYMBOL

Governance Principles

Defense-in-Depth

We implement layered security controls to ensure multiple layers of protection across our infrastructure.

Least Privilege Access

Access is strictly limited to those with a legitimate business need and based on the principle of least privilege.

Continuous Improvement

Our controls are regularly updated to enhance effectiveness, auditability, and reduce operational friction.

Data Protection

Data at Rest

All personally identifiable data stored in our systems is encrypted using industry-standard methods, including AES-256 encryption for sensitive data. We ensure that customer information is protected, even before it reaches our databases, securing it against unauthorized access both physically and logically.

Data in Transit

We use TLS 1.2 or higher to safeguard data transmitted over networks, with additional layers such as HSTS (HTTP Strict Transport Security) to maximize protection.

Product Security

Penetration Testing

At LōD , we engage with industry-leading security firms to perform penetration testing at least annually. These assessments cover our entire infrastructure, from cloud environments to product interfaces, ensuring all vulnerabilities are identified and mitigated promptly. We ensure that full system access, including source code, is provided to our testers to maximize coverage. Detailed penetration test reports are available for review by our clients upon request.

Enterprise Security

Endpoint Protection

All corporate devices at LŌD are centrally managed and secured through Mobile Device Management (MDM) software. We enforce disk encryption, anti-malware protection, and regular software updates on all devices. Alerts from our endpoint protection systems are monitored 24/7 to ensure any anomalies are addressed immediately.

Vendor Security

LŌD follows a risk-based approach to vendor management. Vendors are evaluated based on their access to our customer and corporate data, the potential risk they pose to our infrastructure, and their overall security posture. Each vendor undergoes continuous monitoring and periodic reviews to ensure compliance with our security standards.

Secure Remote Access

LŌD ensures secure remote access through the use of Virtual Private Networks (VPNs) and encrypted connections. All access to our systems from external networks is tightly controlled and logged, with multi-factor authentication (MFA) enforced on critical systems. Malware-blocking DNS servers are also used to protect our employees while browsing the internet.

Security Training

LŌD provides comprehensive security training to all employees upon onboarding and annually. Employees are educated on secure coding practices, identifying social engineering attacks, and the correct handling of sensitive data. We also conduct regular simulations and provide threat briefings to keep our team updated on emerging security threats.

Resources