Your conversations are secure with us

Rafiki is SOC2 Type 1 Certified

✓ Data Center & Network Security
✓ Application Security
✓ Data Security
✓ Security Policies
✓ Secure Software Development Lifecycle
✓ Application Monitoring

SOC2 Type 1 Certification

Rafiki is SOC 2 Type 1 Compliant.

SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the AICPA's Trust Services Principles criteria.

Rafiki powers you with

Product Security

Rafiki supports SAML 2.0 and uses OAuth2 standard authorization. Client data is stored on resilient storage that is replicated across data centers.

Data Security

User data is automatically encrypted using Advanced Encryption Standard (AES) 256, a secure symmetric-key encryption standard.

Operational Security

Rafiki partners with Google Web Services (GCP), a world-class, secure data center provider, and utilizes its state-of-the-art electronic surveillance and multi-factor access control systems.

Data Protection

  • Encryption at rest
  • Single sign-on
  • Role-based access controls - COMING SOON
  • Logging, auditing and monitoring features
  • Features to enhance privacy of personal data
  • Encryption in transit

Threat / Vulnerability Detection

  • Entire site constantly monitored
  • Built-in anomaly detection
  • Annual external penetration testing
  • Web service uptime continuously monitored for incidents that result in denial-of-service attacks
  • Regularly tested for penetration and vulnerability threats

Secure Development Process

  • Software Development Life Cycle (SDLC) mandates adherence to secure coding guidelines
  • Peer code reviews
  • Release cycle follows functional, unit and extensive QA testing
  • Clearly documented change control process
  • Robust security framework based on OWASP standards
  • Screen code changes for potential security issues with our code analyzer tools