PhishingBox knows that vendor due diligence is critical in selecting a service provider. As such, PhishingBox has developed the Trust Center to outline its key security and compliance practices. From the Trust Center, you can access the Security Summary, General Data Protection Regulation (GDPR) compliance items, and other key policies and information.
In the current environment, vendor due diligence is a must when outsourcing services. Every organization should thoroughly review its service providers to ensure that those providers have implemented sound information security and privacy practices. To help organizations evaluate PhishingBox, we have created a Trust Center to organize key components of our security and compliance practices and certifications.
Clients and prospects have access to the PhishingBox Security Summary, General Data Protection Regulation (GDPR) compliance items, and other key policies and information from the Trust Center.
Security Summary: The Security Summary provides an overview of PhishingBox's key security practices. The summary is similar to the description of controls within SOC reports.
SOC Audit: PhishingBox has a SOC Audit conducted at least annually. These audits provide independent, third-party verification of PhishingBox's security controls.
GDPR Compliance: As a data processor for clients worldwide, PhishingBox must provide a GDPR-compliant platform. Our GDPR section highlights critical aspects of GDPR, including a data processing addendum.
Cloud Security Alliance (CSA): The CSA has become a premier standard for documenting cloud provider controls. PhishingBox has adopted the CSA STAR program and has made our Diligence document available to partners and clients.
If you need additional information for conducting your due diligence, we are here to help. Contact your account manager or email us at firstname.lastname@example.org.
Visit the Trust Center to start your vendor due diligence process.
Running simulated phishing tests will determine your employees' susceptibility to social engineering and phishing scams. Train your employees and help them identify spear phishing and ransomware attacks.