Compliance

Built for regulated teams.

2020.systems operates under a defense-in-depth program that scales from pilot deployments to national infrastructure. We combine independent attestations, live controls, and transparent documentation so you can move from procurement to production without compromise.

SOC 2 Type II
Continuous monitoring, quarterly access reviews, and automated evidence collection keep us aligned with the SOC 2 Trust Services Criteria.

ISO 27001 Controls
Formal risk assessments, asset inventories, supplier reviews, and playbooks mapped to Annex A safeguards.

Privacy & Data Residency
Regional storage options, granular retention policies, and signed DPAs for customers with GDPR or CCPA obligations.

Key Operational Controls
  • Encryption in transit (TLS 1.3) and encryption at rest (AES-256) across object storage and databases.
  • Role-based access with mandatory MFA, hardware keys for privileged accounts, and automatic session expiration.
  • Separate production, staging, and development environments with infrastructure-as-code drift detection.
  • Hourly vulnerability scans, monthly penetration tests, and bug bounty coordination through a responsible disclosure program.
  • Immutable audit logs for pipeline executions, API calls, and administrative actions.
  • Business continuity plan with multi-region replication and documented RPO/RTO targets.

Audit-ready documentation

Need evidence for your own exam? Start with the summaries below or reach out to trust@2020.systems for a tailored security packet.