How are Spekit user accounts secured?
Are platform changes tested prior to release? How is testing documented?
Do platform changes require explicit approval?
Please describe Spekit’s SDLC controls. Are duties between developers and server admins segregated?
Has Spekit ever experienced a security breach?
Is Spekit compliant with any privacy frameworks (Safe Harbor, Privacy Shield, GDPR, etc.)?
What is Spekit’s security incident response process, including procedures for capturing, documenting, and remediating incidents or breaches of customer data?
How often are employees required to complete security awareness training?
What steps has Spekit taken to prevent the introduction of malicious software to employee workstations and production servers?
Are access privileges reviewed on a periodic basis?
Is there a process for Spekit employees to request and provision access to production infrastructure?
How is access to production infrastructure managed?
What data access points does Spekit require and how are they restricted?
What controls are in place to protect the Spekit production network?
Can I control what sites I give the Spekit for Chrome extension access to?
Is data that is collected by the Spekit platform encrypted at rest?
How does the Spekit platform connect to customer systems? How are authentication credentials or tokens protected within the boundaries of your system?
Please describe the physical location(s) of customer data processed and stored by your system.
What procedures does Spekit have in place to determine whether a third party should have access to your customers’ data?
Does Spekit use any third parties in providing this service? What are they and how does each service interact with customer data?
Does Spekit have a SOC 2 report, ISO 27001 certification, or other compliance documents?
Who is the point of contact for security-related questions?
Does Spekit have access to my customer data through the Salesforce integration?
Does Spekit import all my metadata when I connect?
How will the Spekit platform interact with client systems?