Help Center

Swif Security

Security Risk &
Compliance Overview

Swif is a one-stop AI-powered device management that seamlessly integrates compliance automation into critical facets of device management

Information Security

Swif encrypts and protects sensitive information across the transformation and analysis process.

Data in Transit

TLS encryption for all data exchanged. Additional security is available for dedicated VPN connections between the customer and Swif.

Data at Rest

AES 256-bit encryption

Network Security

Intrusion detection systems and alerts to monitor for real-time threats, including the use of Google Cloud.

Access Management & Authentication

Swif’s platform provides full control of access to all hosted information

Account Authentication

Swif partners with Auth0 to provide 2FA and SSO for account login and sign-ups

Password Policies

Required strength factors (minimum characters, required numbers, and special characters, common passwords rejected), salted and hashed password storage, and password resets

Granular Access Control and Review

Role-based access, visibility, and user access rights. Regular access review and analysis

Audit and Access Logging

Detailed tracking and audit logging of all activities related to the application environment and administrative activity

Software Development Practices

Security processes have been fully integrated into the Swif software development processes. Developers receive training that focuses on OWASP-specific guidelines. In addition, processes are set up to allow for separation of duties and segmentation of platforms with dev, staging, and production.

OWASP-based security controls design
Separation between dev, staging, and prod
Use of test data in a development environment
Code peer review
Penetration testing
Code repository controls
Threat modeling
Deployment controls

Infrastructure Security

Swif leverages Google Cloud (GCP). We utilize hardening practices from the Center for Internet Security (CIS) Benchmarks for the platform configuration. Swif can make available all standards, GCP certifications, and accreditations along with physical security controls.

Company Policies and Procedures

Swif security, risk, and compliance processes were developed based on industry best practices and are reviewed and updated on an annual basis or upon any significant change.

Security Policies and Training

All employees go through required training upon hire and must recertify on an annual basis. Policies include

Access Control

Business Continuity

Access Control

Cryptographic Controls

Data Management

Human Resources Security

Information Security

Operations Security

Physical Security

Risk Management

Third-Party Risk Management

Platform Security

On-going security activities, including:

Network intrusion detection

Code vulnerability scanning

Penetration testing

System, network, application log analysis, reporting, and retention

Incident Response Planning & Team

in place to handle any significant security event to triage and respond to establish system resiliency, minimize impact, and protect customer data.

Regular Third-Party Security Review

that identifies and evaluates security risks of vendors and third parties.

Standards and Certification

Swif is committed to establishing and maintaining compliance with key information security and regulatory standards, including:

Service Organization Control (SOC) 2
CSA Controls Matrix

Swif and third-party certification and verification reports are available for limited distribution and shared under non-disclosure agreements.

Use Swif for free

Use Swif for free if you have up to 5 employees. Get a custom quote based on your company's size.