Security & compliance resources

Security you can trust. Resources you can access.

Protecting sensitive information is the foundation of everything we build. Whether you're evaluating SpecterX as part of your procurement process, reviewing our security posture or supporting your organization's compliance initiatives, this page provides the security and compliance resources we make publicly available.

Need something more specific? Our team is happy to help.

Certifications

Independently validated, stated plainly.

Independent validation provides confidence that our security practices are continuously evaluated against internationally recognized standards. Attestations exactly as they stand — no badge inflation.

ISO/IEC 27001:2022Information Security Management
Certified
SOC 2 Type IIIndependent Attestation Report
Attested
Deployment & data protection

Protected throughout its lifecycle.

SpecterX employs a holistic approach to protecting sensitive information throughout its lifecycle — whether the data is at rest, in transit or actively being used.

Hosting

AWS, in your region.

SpecterX is deployed on Amazon Web Services and can be hosted in the region that best supports your organization's operational, regulatory and data residency requirements.

Data at rest

AES-256 encryption.

SpecterX leverages AES-256 encryption to protect data at rest.

Data in transit

SSL/TLS everywhere.

All incoming and outgoing connections are secured using SSL/TLS encrypted communications.

Data in use

Continuously validated.

SpecterX enforces identity-based access, governance policies and continuous policy validation wherever protected information is accessed.

Customer data custody

Your storage stays yours.

The files your organization shares remain within the storage infrastructure you control. SpecterX governs access, enforces security policies and maintains the metadata required for accountability and auditability — without moving shared content into SpecterX-managed storage.

Privacy

Privacy matters.

Learn how SpecterX collects, processes and protects personal information.

Read the privacy policy
Compliance alignment

The regulations change. The security principles don't.

Modern compliance frameworks may use different language, but they consistently require the same fundamental security outcomes. SpecterX was designed around those outcomes. We use the CIS Controls as a practical framework to demonstrate how the platform implements the security capabilities organizations need to support frameworks including HIPAA, NIST, CMMC, PCI DSS, GDPR and ISO 27001.

Verify identity, enforce least privilege and maintain complete control over who can access sensitive information throughout every external exchange.

Relevant CIS Controls

3.3 Configure Data Access Control Lists6.1 Access Granting6.2 Access Revocation6.4 Multi-Factor Authentication6.7 Centralized Access Control
Looking for the complete CIS mapping?Organizations requiring a detailed control-by-control mapping can request the complete SpecterX CIS Controls Matrix as part of their security or procurement review.
Questions about security?Some security documentation is provided under mutual NDA as part of customer procurement and technical evaluations — including security questionnaires, architecture discussions and deployment guidance.
Built by security experts.SpecterX was built by leaders from the intelligence and cybersecurity communities, for organizations that demand rigorous security without unnecessary complexity.
Security is a partnership

Bring us your security, privacy and compliance requirements.

If your organization has specific security, privacy or compliance requirements, we'd welcome the opportunity to discuss how SpecterX can support your security strategy.