We invest heavily in security to keep our platform secure and aware of potential threats. See our Security Whitepaper for more information.
Our Privacy By Design process evaluates every major product release to ensure proper implementation of best privacy practices.
For a list of our compliance certifications, click here.
Posh conversational AI bots enable financial institutions to improve communication with their customers. Through our confidentiality controls and data integrity processes, we protect, secure, and encrypt those conversations based on our core security principles.
Every Posh team member undergoes security and privacy awareness training during orientation or on an annual basis. Through security awareness training, we maintain our proactive approach to threat and risk mitigation.
Security is a priority throughout our organization and is built into our culture. We maintain an experienced and skilled security team that conducts security assessments, promotes secure coding practices and operation activities, performs risk assessments, conducts penetration tests, and ensures we adhere to the latest regulatory and compliance standards.
Confidentiality—Through strong encryption, cryptography, and tokenization standards.
Integrity—Using tools and controls to mitigate the alteration of data or unauthorized access to data. These tools include FIM, Key Management controls, and secure management of secrets and keys.
Availability—Geographically redundant Google zones support our ability to ensure Posh maintains high availability for the platform. Regular backups and semi-annual DR tests enhance our ability to provide attractive SLAs for our product.
Posh conducts red team/blue team exercises on an annual basis as part of our incident response planning policy and procedure. The scenarios are based on the MITRE ATT&CK framework and fintech-specific threat intel feeds, which provide a prioritized list of risk-based table-top exercises to aid us in mitigating potential security incidents.
Posh follows four data classification categories when classifying data: Restricted, Confidential, Private, and Public. All personally identifiable information is considered restricted data and other customer information is considered confidential. Access controls, data leakage controls, and policies enforce who at Posh has privileges to read this content.
Changes are fully vetted and peer reviewed prior to every production release. We have robust test and rollback plans in place to ensure releases are deployed in a manner that follows our confidentiality, integrity, and availability security principles and, at the same time, adheres to our segregation of duties for releases to production.