OUR SECURITY PRACTICES
Security Matters

Compliance

Data Infrastructure

Personnel Security

Product Development
Compliance |
|
SOC 2 Type II Certified |
Growers Edge was recertified for SOC 2 Type II in December 2023 for the period from October 1, 2022 through September 30, 2022, and will continue to see annual certification. |
California Consumer Privacy Act Compliance |
We ensure policies, processes and controls comply with California Consumer Privacy Act requirements. |
Data & Infrastructure Security |
|
Secure Infrastructure Provider |
We host our applications, data and infrastructure in physically secure, U.S.-based Microsoft Azure data centers and Amazon Web Services (AWS) facilities that include boundary protection, data backup, data encryption, 24/7 on-site security, camera surveillance, and more. In addition, some data is also stored in Fiserv, Inc. and MeridianLink data centers. |
Data Encryption in Transit & At Rest |
All data sent to or from Growers Edge is encrypted using the HTTP-Secure (HTTPS) Protocol and stored at rest at the server level in either Azure or AWS. Personal information is further encrypted at rest at the column level. For Lending data, transparent data encryption is enabled to encrypt production databases, backups, and logs at rest. |
Data Redundancy and Resiliency |
Growers Edge’s infrastructure has been designed to be fault tolerant. All databases are continuously backed up. |
Strict Access Controls |
Access to all Growers Edge systems is managed through our Product Teams or its managed service provider, which includes user provisioning, 2FA and activity logs. |
Server Security and Monitoring |
All servers are configured using documented security guidelines, and images are managed centrally. Changes to the company’s infrastructure are tracked, and security events are logged appropriately. |
Personnel Security |
|
Formal Security Policies and Incident Response Plan |
Growers Edge maintains a set of comprehensive security policies that are kept up to date to meet the changing security environment. These materials are made available to all employees during training. |
Strict Onboarding and Offboarding Process |
Every new hire passes thorough background checks and attends a “Legal and Security” training course and annual Security Awareness Training. Growers Edge disables departing employee’s devices, apps and access during offboarding. |
Continuous Security Training |
The Growers Edge Security Team provides continuous education on emerging security threats, performs phishing awareness campaigns, and communicates with employees regularly. |
Office Security |
Growers Edge manages visitors, office access, and overall office security via a formal office security program. |
App & Development |
|
Penetration Testing and Application Testing |
We regularly run internal penetration tests and partner with reputable security firms to run external penetration tests. Additionally, our application development process allows anyone in our organization to test our system and report defects. |
Application Monitoring and Protection |
All app access is logged and audited by our Product Teams through Azure AD. We also use a wide variety of solutions to quickly identify and eliminate threats, including an Azure Sentinel Security Information and Event Management (SIEM) solution and Huntress for advanced Endpoint Detection and Response (EDR). |
Development and Change Management Process |
Code development is done through a documented SDLC process, and every change is tracked via a code repository and ticketing system. Automated controls ensure changes are peer reviewed and pass a series of tests before being deployed to production. |
Third-Party Vendor Security Review Process |
We ensure all of our third-party apps and providers meet our security data protection standards before using them and review them annually. |
To view our Information Security Management System (ISMS), click here.
Protect Your Bottom Line
Our commitment to data security and privacy doesn’t just impact our business operations. We help our ag partners understand the value of this work and how it can be used to strengthen their own security.
