Trust & Security

Security Is What We Sell And How We Operate

Strobes meets the highest standards of data security, privacy, and operational integrity. Our platform is independently audited and continuously monitored.

We hold SOC 2 Type 2, ISO 27001, and CREST certifications. Our infrastructure, processes, and people are held to the same standards we help our customers achieve.

Certifications

Independent Certifications & Compliance

SOC 2 Type 2

Independently audited by an AICPA-accredited firm. Controls verified for security, availability, processing integrity, confidentiality, and privacy.

ISO 27001:2022

Certified Information Security Management System (ISMS). Annual surveillance audits confirm ongoing compliance.

CREST Certified

Penetration testing services delivered by CREST-certified professionals following CREST-approved methodologies.

CERT-In Empanelled

Empanelled by the Indian Computer Emergency Response Team (CERT-In) for conducting security audits and assessments.

GDPR Compliant

Data processing aligned with GDPR requirements. Data Processing Agreements (DPAs) available for all EU customers.

SOC 2 Type 1

Initial point-in-time audit completed in 2022. Upgraded to Type 2 continuous audit in 2023.

Our Practices

How We Protect Your Data

Infrastructure Security

Strobes is hosted on enterprise-grade cloud infrastructure with SOC 2 certified data centers. All environments are isolated with network segmentation, intrusion detection, and 24/7 monitoring. Infrastructure is managed as code with automated patching and configuration management. Regular penetration testing is performed against our own platform by third-party auditors.

Methodology

Industry-Standard Testing Frameworks

All security assessments follow recognized industry frameworks and methodologies.

OWASP

OWASP Top 10 and OWASP Testing Guide coverage for all web and API assessments.

SANS 25

CWE/SANS Top 25 Most Dangerous Software Errors verification.

NIST

NIST Cybersecurity Framework and NIST 800-53 control mapping.

OSSTMM

Open Source Security Testing Methodology Manual for comprehensive assessments.

Key Insight

Our Security Researchers

Every penetration test and validation engagement is conducted by certified security professionals with real-world offensive security experience.

OSCP
Offensive Security

Offensive Security Certified Professional — hands-on exploitation expertise.

PNPT
Practical Pentesting

Practical Network Penetration Tester certification.

CRTP
Red Team

Certified Red Team Professional for Active Directory attacks.

CISSP
Information Security

Certified Information Systems Security Professional.

Compliance Support

Security Testing for Your Compliance Needs

Strobes helps organizations meet security testing requirements across major compliance frameworks:

  • PCI DSS — Penetration testing and vulnerability management for payment card environments
  • HIPAA — Security risk assessments and vulnerability management for healthcare data
  • SOC 2 — Continuous monitoring and evidence collection for trust service criteria
  • ISO 27001 — Vulnerability management and penetration testing for ISMS certification
  • GDPR — Data protection impact assessments and security testing for EU compliance

Our platform generates compliance-ready reports that map findings directly to control requirements — reducing audit preparation from weeks to minutes.

Need our security documentation?

Request our SOC 2 report, security whitepaper, or schedule a trust review with our security team.