Our Security Program

Enterprise-Class Security & Infrastructure

Led by a dedicated Security team, Backstop uses a layered approach of overlapping controls, monitoring and authentication to ensure overall security of Backstop’s data, network and system resources - for our clients' peace of mind.

Key Points

  • Dedicated Security Team
  • SOC 2 Compliance
  • Annual Penetration Testing
  • User Controls
  • Internal Security

Dedicated Security Team

We recognize that information and data security is vital to our clients. Our full-time security staff, led by our VP of Information Security, is dedicated to ensuring that comprehensive security policies and processes are regularly maintained, tested and updated to ensure the highest levels of service and data protection.


SOC 2 Compliance

Backstop as a company has completed the System and Organization Controls 2 (SOC 2) examination and audit, standard set by the American Institute of Certified Public Accountants (AICPA). Our servers are located in industry-leading data centers that are also SOC 2 audited.

Annual Penetration Testing

Backstop annually contracts an independent third-party firm to evaluate the security of the Backstop systems and software. Assessments are performed by CISSP and GIAC certified consultants using a methodology based on industry best practices, such as ISO 17799, NSA-IAM, OWASP and OSSTMM.

User Controls

Backstop’s permission model offer clients the ability to determine which users have access to different categories of information within Backstop.

Internal Security

All Backstop employees are subject to comprehensive background checks prior to employment, and all employees are bound by strict non-disclosure and client data confidentiality agreements.