Resgrid Trust & Security

Your security is very important to us! Here is a summary of what we do every day to guarantee that your data is safe with Resgrid

 

Secure Hardware
Secure Hardware

Resgrid operates on a multi-cloud infrastructure and uses ISO 27001 certified data center facilities and relies on the data center providers for physical access control matters.

 

Encryption
Encryption

Communications between the client and our sites or APIs are using 256-bit TLS encryption. All data at rest is encrypted with AES-256.

 

Reliability
Reliability

Resgrid is built using a modern technology stack that embraces business continuity in multiple layers. Current system availability is more than 99.9% and current availability is on our System Status page.

 

Roles, Permissions & Identity
Roles, Permissions & Identity

Resgrid uses role-based security architecture and requires users to be identified and authenticated prior to use. Departments can configure custom roles and permissions. Enterprise features include Single Sign-On (SSO) via SAML/OIDC, SCIM automated user provisioning, and two-factor authentication (2FA) via TOTP for an added layer of protection.

 

Audit Logs
Audit Logs

Resgrid maintains system level (visible by us) and application level (visible by you) audit logs. These logs track system and user activity and are available within the application. Enterprise and government customers can retain audit history for up to 7 years to meet stringent regulatory and compliance requirements.

 

Change management
Change management

Our change management process is documented and regularly audited. We track individual changes all the way to production. We have several stages of code review and quality assurance before changes are implemented in production.

Enterprise & Government

Built for Enterprise & Government Security Requirements

Resgrid provides the advanced security, identity management, and deployment flexibility that enterprise organizations and government agencies demand. From centralized authentication to on-premises hosting, Resgrid is ready to meet the most rigorous security and compliance standards.

Single Sign-On (SSO)

Integrate Resgrid with your organization's identity provider using SAML 2.0 or OpenID Connect. Enforce consistent authentication policies across your entire workforce and simplify user access management.

SCIM User Provisioning

Automate user lifecycle management with SCIM 2.0 support. Automatically provision and deprovision user accounts, sync group memberships, and ensure your Resgrid roster stays in sync with your directory.

Two-Factor Authentication (TOTP)

Add an extra layer of security with time-based one-time password (TOTP) two-factor authentication. Compatible with standard authenticator apps like Google Authenticator, Microsoft Authenticator, and Authy.

Up to 7-Year Audit History

Maintain comprehensive audit trails for up to 7 years to satisfy even the most stringent regulatory and compliance requirements. Full visibility into user activity, configuration changes, and system events.

Self-Hosted & On-Premises Deployment

Run Resgrid on your own infrastructure — in your own data center, private cloud, or air-gapped environment. Maintain full control over your data, meet data sovereignty requirements, and comply with any regulatory mandate.

Regulatory & Compliance Ready

Whether you need to meet CJIS, FedRAMP, ITAR, or other government and industry-specific compliance frameworks, Resgrid's flexible deployment and enterprise security features give you the foundation to satisfy any regulatory need.

Need a custom deployment or have specific compliance requirements? Contact our team to discuss how Resgrid can be tailored to your organization's security posture and regulatory obligations.

Certifications

Resgrid is always working toward certifications to help our customers meet their compliance needs. We are currently working on the following certifications:

 

SOC2
SOC2

Resgrid is currently working toward our SOC2 Type I and Type II certifications. You can view our TrustShare profile for more info.

 

HIPAA
HIPAA

Resgrid is currently working toward our HIPAA certifications. You can view our TrustShare profile for our current progress and more info.

 

CSA STAR
CSA STAR

Resgrid is working on fully participating in the CSA Security Trust Assurance and Risk (STAR) Program.

Resgrid uses TrustCloud to help us manage our certifications and compliance. You can view our TrustCloud profile for more information and check out TrustCloud.ai if your looking for a GRC solution. Once we achieve our certifications we will post them here and update the images above to be the "certified" badges.

Security Through Community

Resgrid is open source software that anyone can download and run, audit and contribute to. Resgrid being open source means there are more eyes looking at our code to spot vulnerabilities. We also have a public security disclosures page.

 

View Our Code
View Our Code

All of Resgrid code is Apache 2.0 licensed open source and available on GitHub. You can view our code, audit it and even contribute to it.

 

Security Disclosures
Security Disclosures

Learn about how to report vulnerabilities, privacy issues, exposed data, or any other security issues pertaining to the Resgrid platform or code.

 

Hall Of Fame
Hall Of Fame

See who's made the Resgrid Responsible Disclosure Hall of Fame for independently researching and reporting vulnerabilities to us.

 

Subprocessors
Subprocessors

Resgrid uses a number of subprocessors to provide our services. Learn more about who they are and what they do for us.