Choice Screening's leadership team has established policies and controls in alignment with System and Organization Controls for Service Organizations 2 (SOC 2) Common Criteria, and continuously monitors those policies and controls using Vanta, the leading Trust Management Platform.
Choice Screening engages with one of the best penetration testing consulting firms in the industry at least annually. Our current preferred penetration testing partner is Kobalt.io. We make summary penetration test reports available via our Trust Report (coming soon).
Choice Screening requires vulnerability scanning at key stages of our Secure Development Lifecycle (SDLC), including detection of vulnerable libraries introduced in pull requests, quarterly vulnerability scans against our codebase, and periodic network vulnerability scanning in our production environments.
Choice Screening uses Microsoft Active Directory to secure employee identity and access management. We also use Auth0 for our client-facing applications to provide the same security to our clients. Choice Screening employees are granted access to applications based on their role and are deprovisioned upon termination of their employment. Further access must be approved according to the policies set for each application.
Once the inherent risk rating has been determined, the vendor's security is evaluated, including any security and compliance certifications or attestations they hold, in order to determine a residual risk rating and an approval decision for the vendor.