ConsenSys operates on an ISO/IEC 27001 aligned Information Security Management System (ISMS). We are in the process of obtaining a SOC 2 report and ISO27001 certification for the majority of our commercial solutions, using a specialized security and compliance automation platform.
Our people and community
- ConsenSys has a dedicated security team formed by experienced specialists skilled in multiple disciplines.
- Many of our employees embrace their role as cybersecurity champions to make sure our solutions are secure.
- All our employees and contractors receive mandatory security awareness training.
- Our dedicated community specialists actively engage with our community to keep everyone safe.
- Our services are built on secure cloud infrastructure, protected by web performance and security services against DDOS and network attacks, using data encryption in-transit and at-rest.
- Our technology and solutions are highly resilient based on blockchain distributed systems.
- ConsenSys is a cloud native company, we utilize cloud industry leaders to build our services including Amazon Web Services, Google Cloud Platform and Azure infrastructure.
- Our services and solutions are designed focused on security, scalability and reliability, offering multiple service or exclusive availability zones configured to meet customer demands
- We use centralized identity management with enabled MFA to secure access to our core solutions.
- These cloud services are certified and compliant to multiple security standards including ISO27001, SOC 2, and GDPR. We are in the process of implementing SOC2 for some of our services.
- Our dedicated Customer Success engineers, DevOps and Security teams monitor and respond to any unforeseen incidents.
- Our infrastructure is monitored by security cloud solutions, monitoring tools, incident management and native security controls configured to prevent, detect, respond and correct to security incidents, vulnerabilities and misconfigurations.
- Our security Incident management process aligned to ISO 27001:2013
- Our applications undergo a static code analysis, peer review, library dependency to prevent vulnerabilities from being embedded into our solutions.
- We prioritize our customers security needs, including security best practices and tooling enabling continuous security.
- Our core solutions are pen tested regularly by independent parties.
- Security researchers can submit bugs in our solutions through our bug-bounty program, and get rewarded for their efforts.
- Diligence, our offensive security team, provides internal and external services.