The security of your data and your clients' data is the most important part of what we do at Scope.
Scope is a modern cloud-based platform for customer onboarding for B2B companies. We take security seriously and it's our top priority to protect your organization and clients. Scope uses modern industry standards and best practices for application security.
All data in transit is encrypted between source and destination using SSL/TLS with RSA 2048-bit key encryption. This includes data between the client application and the API server, and between the API server and the database. Encryption at rest is also applied to the database.
Our infrastructure is provided by Amazon Web Services (AWS), an industry standard in hosting. Like us, they treat security as a top priority. You can read about their superior visibility, control and permissions here.
All network infrastructure, with the exception of the load balancer, resides within a virtual private subnet. This ensures that only the load balancer is Internet-facing.
The virtual private subnet ensures that direct communication from the client application to the server, database and storage servers cannot be achieved, thus increasing security through layers of defense.
All database read/write actions require authentication. Role-based authentication is also undertaken by the API server for each request, and only operations allowed by the specific role will be processed by the API server.
Company-based authentication is implemented in the core of the API servers to ensure that a user from one company cannot access or write data to another company entity.
Passwords are never stored in plain text within the database. An individual hash and salt are stored for each user, ensuring that compromise of one password will not allow other passwords to be obtained.
Employees and contractors use a password manager that enforces strong passwords. They are only authorized to access data that they need to carry out their duties.
Multi-factor authentication is enforced on all platforms that allow it.
Scope is continually monitored for downtime, errors and access. Logs are maintained for analysis and debugging. Critical alerts are flagged with our engineering team immediately.
At Scope, we have a dedicated approach to tracking and resolving security incidents. Our processes include:
By staying proactive and transparent, we ensure that any security concerns are addressed promptly and effectively, further reinforcing trust and reliability for our customers.
If you have any questions, please contact us.