CarbonBright, Inc. recognizes that the confidentiality, integrity, and availability of the information and data we create, process, and host are fundamental to earning and maintaining the trust of our customers and partners.
As a technology provider supporting mission-critical product and sustainability data, we are committed to transparency in how we protect customer information. We clearly communicate our security practices, controls, and responsibilities so organizations can confidently rely on CarbonBright as a trusted platform.
CarbonBright has achieved SOC 2 Type II compliance, reflecting an independent assessment of our security controls and our commitment to maintaining a high standard of data protection over time.
This Trust Center provides an overview of how we safeguard data, manage risk, and continuously strengthen our security and compliance programs.
The following controls are implemented at CarbonBright as part of our security program to ensure compliance.
Situational Awareness For Incidents
Identity Validation
Termination of Employment
Encrypting Data At Rest
Data Backups
Transmission Confidentiality
Anomalous Behavior
Capacity & Performance Management
Centralized Collection of Security Event Logs
Conspicuous Link To Privacy Notice
Secure system modification
Malicious Code Protection (Anti-Malware)
Full Device or Container-based Encryption
Endpoint Security Validation
Session Lock
Endpoints Encryption
Code of Business Conduct
Organizational Structure
Roles & Responsibilities
Competency Screening
Personnel Screening
New Hire Policy Acknowledgement
Security & Privacy Awareness
Performance Review
Periodic Policy Acknowledgement
Automated Reporting
Incident Reporting Assistance
Risk Framing
Risk Assessment
Fraud
Third-Party Criticality Assessments
Assigned Cybersecurity & Privacy Responsibilities
Internal Audit using Sprinto
Periodic Review & Update of Cybersecurity & Privacy Program
Management Review of Org Chart
Management Review of Risks
Management Review of Third-Party Risks
Subservice organization evaluation
Segregates Roles and Responsibilities
Testing
Asset Ownership Assignment
New Hire Security & Privacy Training Records
Periodic Security & Privacy Training Records
Updates During Installations / Removals
Inventory of Endpoint Assets