Tilt is committed to keeping our Customers’ data private and secure. We implement security and privacy controls, policies and measures throughout our operations and system architecture. This fact sheet describes our security and privacy controls, policies and measures.
Tilt is built upon a robust cloud infrastructure and is hosted within Amazon Web Services (AWS). When data is sent to us, it is protected. Tilt completed our first SOC 2 Type ll audit in June 2022 and our SOC 2 report is ready to review upon request.
Tilt maintains a corporate Information Security program with a dedicated budget and team that covers the entire scope of its operations. Key features include:
The Tilt platform is protected against failures through multiple resilience and backup protocols.
Tilt maintains formal change management and software development life cycle policies that define procedures and requirements for developing, testing and implementing application and infrastructure changes.
Tilt maintains robust defensive and hardening measures to ensure the security of its systems and data.
Tilt maintains formal processes for responding, handling and tracking security incidents. After incidents are confirmed, Tilt immediately implements a containment process to reduce the magnitude of the incident and track to resolution. Incident response plans are tested annually to ensure ongoing effectiveness.
Tilt maintains robust access control policies and procedures to ensure that all corporate and customer data is protected from unauthorized access.
Tilt leverages a formal risk management process that informs the security controls, policies and measures that are implemented. Risk assessments are performed on a regular basis, and identify key threat and vulnerability scenarios concerning data processing, internal controls, business objectives, fraud, technology environments and regulatory landscapes.
Tilt carries various forms of insurance as part of its risk management program.
Further, Tilt also performs external penetration testing and vulnerability scanning on a periodic basis. Critical vulnerabilities are assessed by management and remediation is tracked closely.
To ensure the integrity of its supply chain, Tilt maintains strict vendor management protocols.
Tilt maintains an information security program that meets the American Institute of Certified Public Accountants (AICPA) Trust Services Criteria (TSC) for security. Tilt completed SOC 2 Type ll audit and report in June 2022.