Security at Civic Roundtable

Safeguarding your data is a top concern at Civic Roundtable. We are committed to protecting the valuable conversations, resources, and connections facilitated on our platform.

Customer security comes first

Customers trust Civic Roundtable to power their critical work, and we’re committed to building an application they can trust. Our product offering is a managed, tested, and externally audited platform with robust access controls. As part of our continuous investment in protecting your data, we are committed to:

  • Hiring a world-class technology team to oversee platform security
  • Keeping up to date with security industry standards and best practices
  • Deploying security technology to safeguard against security threats
  • Incorporating automated and manual checks for data security as part of our development lifecycle

Keep your data safe

  • Compliance: Civic Roundtable is hosted on AWS GovCloud, which has a FedRAMP High ATO, uses FIPS 140-2 compliant service endpoints, meets NIST 800-171, and ensures all data centers are maintained by US citizens. To continue our commitment to privacy and security in safeguarding customer data, we are pursuing SOC 2 Type I compliance in 2024 and Type II compliance in 2025.
  • Human Resource Security: All Civic Roundtable employees and contractors agree to terms and conditions of employment upon joining, undergo criminal background checks, are required to complete annual security awareness training, and follow our Acceptable Use Policy for company resources. Upon termination, access to all systems is revoked and physical assets are returned.
  • Data Protection: All data is encrypted at rest using AES-256 GCM encryption with root keys stored in an HSM controlled by Roundtable. All data in transit is encrypted using modern, secure SSL/TLS settings and HTTP headers. We use unique accounts to access all systems, and log user activity for internal auditing. Production networks are closed by default and protected by firewalls, with only the minimal necessary ports open between services.
  • Disaster Recovery: We perform annual disaster recovery exercises to ensure preparedness. We back up all customer data daily, save backups for one year, and copy backups to multiple geographic regions.

Report an issue

If you’ve identified a potential security flaw in our application, please let us know at security@civicroundtable.com.