Roo Code

Roo Code Trust Center

Roo Code is in compliance with security best practices, has implemented and is monitoring comprehensive controls, and maintains policies to outline its security procedures.

Compliance

Resources

SOC 2 Type II Report
SOC 2 Type I Report
Personnel Security Policy
Information Technology Leadership Committee Charter
Binding Corporate Rules (BCRs) Policy

Controls

Source code access restricted and changes logged
Access control procedures
Quarterly user access reviews performed
Termination Access Revocation Checklist
Access Segmentation Between Customers and Environments
Data encrypted at rest
Data protection policy
Data transfers covered by approved safeguards
Cooperation agreements/data sharing frameworks
Data processing agreements executed and retained
Secure connection means utilized
Code of Conduct acknowledged by employees
Web application firewalls configuration
Outsourced development security requirements managed
Source code changes tested and approved
Anti-malware monitoring
Intrusion detection tool
Centralized Log Collection and Monitoring
Infrastructure firewall
Monitoring tool
Business continuity & disaster recovery plans documented and tested
Incident response and breach notification policy
Security incident logging and review
Breach notification communication
Internal GDPR compliance assessments performed
Binding corporate rules policy
Visitor sign-in, badging, and escort policy
Automated decision-making policy
Technology assets inventoried
Documented Vendor Management Program
Vendor list
Vendor termination
Vendor onboarding
Consent for processing captured via explicit opt-in mechanisms
Age verification and parental/guardian consent process enforced
Confidentiality Agreement acknowledged by employees
Security awareness training implemented
List of newly hired employees & contractors
Employee handbook
List of active employees & contractors as on date
Records of Processing Activities (RoPA) maintained
Whistleblower mechanism maintained
Multi-availability zones
Documentation available to internal and external users
Customer support channels available
Risk management program
Lawful basis assessment
Legitimate interest assessment
Risk and Governance Executive Committee meeting minutes
Patch management process developed
Board/steering committee bylaws
Mobile Device Management (MDM) and BYOT
Board/steering committee briefing
Production system hardening and baseline configuration management

Subprocessors

Clerk | Authentication and User Management