P
PrimeContractorOS

Security

Protecting your sensitive contracting data is our top priority. Learn about the security measures we implement to keep your information safe.

Encryption

All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Database connections use encrypted channels. File uploads are encrypted before storage. Encryption keys are managed through a dedicated key management service with automatic rotation.

Infrastructure

PrimeContractorOS runs on US-based cloud infrastructure with redundant systems across multiple availability zones. Our infrastructure providers maintain SOC 2 Type II, ISO 27001, and FedRAMP certifications. All servers are hardened according to CIS benchmarks.

Authentication & Access

User authentication is handled through secure OAuth with support for multi-factor authentication. Session tokens are cryptographically signed and expire after inactivity. Role-based access controls ensure users only access data relevant to their role. All authentication events are logged.

Monitoring & Audit

All user actions are logged in an immutable audit trail. We monitor for suspicious activity including unusual login patterns, bulk data exports, and unauthorized access attempts. Security alerts are reviewed by our team within one hour during business hours.

Backups & Recovery

Data is backed up continuously with point-in-time recovery capability. Backups are encrypted and stored in a separate geographic region. We test disaster recovery procedures quarterly to ensure data can be restored within our published recovery time objectives.

Vulnerability Management

We conduct regular vulnerability assessments and penetration testing through qualified third-party firms. Security patches are applied within 24 hours for critical vulnerabilities. Our development process includes security code reviews and automated security scanning in our CI/CD pipeline.

Report a Security Issue

If you discover a security vulnerability, please report it responsibly to [email protected] with the subject line "Security Report." We take all reports seriously and will respond within 24 hours.