Security
Security at Dirac, Inc.
Effective Date: 4/21/24
Dirac makes the security of our systems and your data a top priority.
Dirac’s Security Tenets:
- Only those who need to know have access (Principle of Least Privilege).
- We believe in the Swiss Cheese Model, where even if one level of security fails, there are always more safeguards.
- Security covers all facets of our system, from user data to cloud infrastructure and company hardware.
Dirac maintains compliance with SOC 2 Type II and is working towards NIST CSF and ISO 27001 compliance.
Data Protection:
- Dirac encrypts all data at rest in S3 buckets, EC2 servers, and databases with AWS KMS, employing industry-standard AES-256 on all customer data.
- Data in transit is encrypted with industry-standard TLS 1.2, with keys also managed by AWS, deployed via Application Load Balancers.
Vulnerability Scanning:
Dirac scans for vulnerabilities at all stages of the product lifecycle, including:
- Code development and pull requests
- Network vulnerabilities
- Dependency scanning
Dirac also ensures that all endpoints and remote access to resources are monitored 24/7 for threats, with the Vanta Agent installed on all company devices.
If you have questions about Dirac’s security practices, feel free to contact us using the information below.