Security Controls

Detailed breakdown of PieEye's security and compliance controls

PieEye implements a comprehensive set of security controls designed to protect customer data and ensure compliance with global privacy regulations. Our controls are mapped to industry standards including SOC 2, ISO 27001, GDPR, CCPA, and HIPAA requirements.

Access Controls

User authentication, authorization, and access management

Multi-Factor Authentication (MFA)

MFA enforced on all production accounts and administrative access

Implementation

TOTP-based MFA using industry-standard authenticator apps

Responsibility

Security Team

Testing & Validation

Quarterly access reviews and MFA compliance audits

Compliance Frameworks

SOC 2 CC6.1, ISO 27001 A.9.2.1, GDPR Art. 32

Role-Based Access Control (RBAC)

Principle of least privilege access with role-based permissions

Implementation

Granular permissions based on job function and data sensitivity

Responsibility

IT Operations

Testing & Validation

Monthly access reviews and quarterly privilege audits

Compliance Frameworks

SOC 2 CC6.2, ISO 27001 A.9.1.1, HIPAA 164.312(a)

Session Management

Secure session handling with automatic timeout and monitoring

Implementation

15-minute idle timeout, secure session tokens, concurrent session limits

Responsibility

Development Team

Testing & Validation

Automated session testing and quarterly security reviews

Compliance Frameworks

SOC 2 CC6.3, ISO 27001 A.9.4.2

Data Protection

Encryption, data classification, and privacy controls

Encryption in Transit

All data transmission protected with TLS 1.3 encryption

Implementation

TLS 1.3 with perfect forward secrecy, HSTS headers, certificate pinning

Responsibility

Infrastructure Team

Testing & Validation

Continuous SSL/TLS monitoring and quarterly penetration testing

Compliance Frameworks

SOC 2 CC6.7, ISO 27001 A.13.1.1, GDPR Art. 32

Encryption at Rest

All stored data encrypted using AES-256 encryption

Implementation

AES-256-GCM encryption with separate encryption keys per customer

Responsibility

Security Team

Testing & Validation

Quarterly encryption audits and key rotation testing

Compliance Frameworks

SOC 2 CC6.7, ISO 27001 A.10.1.1, HIPAA 164.312(a)(2)(iv)

Data Classification

Systematic data classification and handling procedures

Implementation

Automated PII detection, data sensitivity labeling, retention policies

Responsibility

Privacy Team

Testing & Validation

Monthly data classification audits and quarterly policy reviews

Compliance Frameworks

GDPR Art. 5, CCPA 1798.100, ISO 27001 A.8.2.1

Key Management

Secure encryption key generation, storage, and rotation

Implementation

Hardware Security Modules (HSM), automated key rotation, key escrow

Responsibility

Security Team

Testing & Validation

Annual key management audits and quarterly rotation testing

Compliance Frameworks

SOC 2 CC6.7, ISO 27001 A.10.1.2, FIPS 140-2

Network Security

Network infrastructure protection and monitoring

Firewall Management

Network perimeter protection with stateful inspection

Implementation

Next-generation firewalls with deep packet inspection and threat intelligence

Responsibility

Infrastructure Team

Testing & Validation

Monthly firewall rule reviews and quarterly penetration testing

Compliance Frameworks

SOC 2 CC6.6, ISO 27001 A.13.1.2

DDoS Protection

Distributed denial-of-service attack mitigation

Implementation

Cloudflare DDoS protection with automatic scaling and traffic filtering

Responsibility

Infrastructure Team

Testing & Validation

Quarterly DDoS simulation testing and continuous monitoring

Compliance Frameworks

SOC 2 CC6.6, ISO 27001 A.13.1.3

Network Monitoring

Continuous network traffic monitoring and anomaly detection

Implementation

SIEM integration, network flow analysis, behavioral analytics

Responsibility

Security Operations Center

Testing & Validation

Daily monitoring validation and monthly incident response drills

Compliance Frameworks

SOC 2 CC6.8, ISO 27001 A.16.1.1

Application Security

Secure development lifecycle and application protection

Secure Development Lifecycle (SDL)

Security integrated throughout the development process

Implementation

OWASP guidelines, security code reviews, automated SAST/DAST testing

Responsibility

Development Team

Testing & Validation

Pre-deployment security scans and quarterly code audits

Compliance Frameworks

SOC 2 CC8.1, ISO 27001 A.14.2.1, OWASP Top 10

Vulnerability Management

Systematic identification and remediation of security vulnerabilities

Implementation

Automated vulnerability scanning, patch management, threat intelligence

Responsibility

Security Team

Testing & Validation

Weekly vulnerability scans and monthly patch compliance audits

Compliance Frameworks

SOC 2 CC7.1, ISO 27001 A.12.6.1

API Security

Secure API design and implementation for e-commerce integrations

Implementation

OAuth 2.0, rate limiting, input validation, API versioning

Responsibility

Development Team

Testing & Validation

Monthly API security testing and quarterly penetration testing

Compliance Frameworks

SOC 2 CC8.1, ISO 27001 A.14.2.3, OWASP API Security

Privacy & Compliance

Data privacy controls and regulatory compliance

Consent Management

Automated consent collection and management for global regulations

Implementation

Granular consent tracking, automated consent withdrawal, audit trails

Responsibility

Privacy Team

Testing & Validation

Monthly consent compliance audits and quarterly legal reviews

Compliance Frameworks

GDPR Art. 6-7, CCPA 1798.120, CPRA 1798.135

Data Subject Rights (DSAR)

Automated fulfillment of data subject access requests

Implementation

Self-service portal, automated data discovery, response tracking

Responsibility

Privacy Team

Testing & Validation

Monthly DSAR response testing and quarterly legal validation

Compliance Frameworks

GDPR Art. 15-22, CCPA 1798.100-110, CPRA 1798.105-130

Data Retention & Deletion

Automated data lifecycle management and secure deletion

Implementation

Retention policies, automated deletion workflows, deletion verification

Responsibility

Privacy Team

Testing & Validation

Monthly retention compliance audits and quarterly deletion testing

Compliance Frameworks

GDPR Art. 5(1)(e), CCPA 1798.105, ISO 27001 A.8.2.3

Privacy Impact Assessments (PIA)

Systematic privacy risk assessment for new features and integrations

Implementation

Automated PIA workflows, risk scoring, mitigation tracking

Responsibility

Privacy Team

Testing & Validation

Quarterly PIA process reviews and annual methodology updates

Compliance Frameworks

GDPR Art. 35, ISO 27001 A.8.2.1

Operational Security

Incident response, monitoring, and business continuity

Incident Response

Comprehensive incident response procedures and team

Implementation

24/7 SOC, automated incident detection, escalation procedures

Responsibility

Security Operations Center

Testing & Validation

Monthly incident response drills and quarterly tabletop exercises

Compliance Frameworks

SOC 2 CC7.3, ISO 27001 A.16.1.4, NIST SP 800-61

Logging & Monitoring

Comprehensive security event logging and monitoring

Implementation

Centralized logging, SIEM integration, behavioral analytics

Responsibility

Security Operations Center

Testing & Validation

Daily log validation and monthly monitoring effectiveness reviews

Compliance Frameworks

SOC 2 CC7.2, ISO 27001 A.12.4.1, GDPR Art. 32

Backup & Recovery

Regular data backups and disaster recovery procedures

Implementation

Daily encrypted backups, off-site storage, recovery testing

Responsibility

IT Operations

Testing & Validation

Monthly backup verification and quarterly disaster recovery drills

Compliance Frameworks

SOC 2 CC7.5, ISO 27001 A.12.3.1, HIPAA 164.308(a)(7)

Business Continuity

Business continuity planning and testing

Implementation

BCP documentation, alternative processing sites, communication plans

Responsibility

Operations Team

Testing & Validation

Annual BCP testing and quarterly plan updates

Compliance Frameworks

SOC 2 CC7.5, ISO 27001 A.17.1.1

Control Effectiveness

All controls are regularly tested, monitored, and updated to ensure continued effectiveness. Control testing results are reviewed by management and external auditors as part of our SOC 2 and ISO 27001 certification processes.