Codieshub

Security

At Codieshub we take the security of our customer data seriously. We work every day to ensure that our security is aligned with industry security standards.

Codieshub is SOC 2 Compliant

With a focus on providing outsourced software developers, Codieshub recognizes the many risks involved in handling sensitive and confidential information and strives to ensure that our customers are given the best possible service in today's evolving environment. Our customers and prospects can be assured that we strive to handle their sensitive information with the utmost care.

[Badge: AICPA SOC, Type 2]


Secure Personnel

Codieshub takes the security of its data and that of its customers seriously and ensures that only vetted personnel are given access to their resources.

  • All Codieshub contractors and employees undergo background checks prior to being engaged or employed by us in accordance with local laws and industry best practices.
  • Confidentiality or other types of Non-Disclosure Agreements (NDAs) are signed by all employees, contractors, and others who have a need to access sensitive or internal information.
  • We embed the culture of security into our business by conducting employee security training & testing, using current and emerging techniques and attack vectors.

Secure Development

Codieshub follows industry-standard programming techniques for development documentation and quality assurance processes to ensure that our customer applications meet modern security standards.

  • All development projects at Codieshub, LLC, including on-premises software products, support services, and our own Digital Identity Cloud offerings, follow secure development lifecycle principles.
  • All development of new products, tools, and services, as well as major changes to existing ones, undergoes a design review to ensure security requirements are incorporated into proposed development.
  • All team members who are regularly involved in any system development undergo annual secure-development training in coding or scripting languages that they work with, as well as any other relevant training.
  • Software development is conducted in line with OWASP Top 10 recommendations for web application security.

Secure Testing

Codieshub deploys third-party penetration testing and vulnerability scanning of all production and internet-facing systems on a regular basis.

  • All new systems and services are scanned prior to being deployed to production.
  • We perform penetration testing on new systems or major changes to existing systems to ensure a comprehensive and real-world view of our environment.
  • We perform static and dynamic software application security testing of all code, including open-source libraries, as part of our software development process when signed by our customers.

Secure Cloud Infrastructure

Codieshub builds on modern, hardened cloud infrastructure providers — AWS, GCP, and Azure — and applies the same defense-in-depth controls across every environment.

  • Production systems run in private VPCs with strict inbound/outbound rules and network segmentation between tiers.
  • All traffic is encrypted in transit with TLS 1.2+; data is encrypted at rest with provider-managed KMS keys.
  • Centralized logging, monitoring, and alerting with 24/7 on-call rotations on mission-critical workloads.
  • Infrastructure is managed as code (Terraform / CloudFormation) with peer review and automated drift detection.

Data Handling & Privacy

Codieshub treats customer data with the same care as our own. Access is least-privilege by default, audited, and bounded to the scope of the engagement.

  • Role-based access control with periodic access reviews; just-in-time elevation for any sensitive operation.
  • Data classification policy identifies regulated data (PII, PHI, financial) and applies stricter controls end-to-end.
  • Data retention and secure deletion procedures align with customer contracts and applicable regulations.
  • Subprocessor list maintained and shared on request; incident-notification SLAs defined in every MSA.

Build with a partner who takes your data seriously

Have a question about our SOC 2 posture, subprocessors, or a specific control? We'll answer on the first call.
