Security Center
Earning Your Trust Is Our Highest Priority
At Civis, trust is the cornerstone of every client relationship. As a platform powering critical data workflows, we know that our responsibility to protect your data is as important as the insights we help you generate.
We are relentless in our pursuit of excellence in data security, privacy, and compliance—because we don’t just want to meet your expectations, we want to exceed them.
If you have questions about our security practices or would like more detailed documentation, we welcome your inquiries at dataprotection@civisanalytics.com.
Comprehensive Technical Safeguards
Civis implements a multi-layered security architecture that spans:
- Network & Infrastructure Security: Firewalls, intrusion detection and prevention systems (IDPS), network segmentation, and advanced traffic monitoring tools guard against external and internal threats.
- Application Security: Secure SDLC practices including static and dynamic code analysis, peer code reviews, and regular application vulnerability testing ensure the Civis Platform remains resilient and hardened.
- Data Encryption: All data is encrypted in transit (TLS 1.2+) and at rest using AES-256. We support field-level encryption and client-managed keys for added assurance.
- Authentication & Access Controls: We offer single sign-on (SSO), multi-factor authentication (MFA), and strict role-based access controls (RBAC) to ensure only authorized users can access data.
- Data Isolation & Tenant Separation: We isolate client environments and data to ensure operational boundaries and prevent cross-client data exposure.
Continuous Monitoring & Risk Management
Security doesn’t end at implementation—it’s an ongoing commitment. Our security team uses automated and manual testing tools to continuously monitor, assess, and enhance our systems. This includes:
- Regular vulnerability scanning and penetration testing
- Third-party security audits
- Incident detection and response protocols
- Real-time log analysis and security alerts
We also maintain a rigorous vendor risk management process to ensure that our third-party service providers meet our security expectations.
Powered by AWS, Backed by World-Class Cloud Security
Civis Platform is built on top of Amazon Web Services (AWS), the world’s leading cloud infrastructure provider. This foundation allows us to deliver the reliability, scalability, and security that our clients demand.
By leveraging AWS’s global infrastructure, we inherit a comprehensive suite of cloud security features, including:
- Data Center Security: Physical facilities protected by biometric access controls, 24/7 surveillance, and rigorous compliance with standards like ISO 27001, PCI DSS, and SOC 1/2/3.
- High Availability and Resilience: Redundant systems and geographically distributed regions ensure uptime and data durability.
- Shared Responsibility Model: While Civis manages security "in" the cloud (application, platform, and customer data), AWS manages security "of" the cloud (infrastructure, hardware, networking).
- Native Encryption Services: AWS Key Management Service (KMS), CloudHSM, and envelope encryption technologies safeguard data at rest and in transit.
- Compliance Frameworks: Civis benefits from AWS's certifications and attestations across a broad set of regulatory frameworks, including FedRAMP, HIPAA, and GDPR.
Our engineering team works closely with AWS services to maintain alignment with their security best practices and to continuously improve our cloud posture.
SOC 2 Type II Compliance
Civis Platform has successfully completed a SOC 2 Type II examination conducted by an independent auditing firm. This attestation demonstrates our adherence to the AICPA Trust Services Criteria, with a focus on security, confidentiality, and availability.
Our controls are designed to meet the expectations of enterprise clients and regulators alike. We also align our practices with applicable HIPAA security controls. Clients and prospects may request a copy of our latest SOC 2 Type II report.
FedRAMP Moderate Authorization
Civis is proud to be FedRAMP Moderate Authorized, a designation that signifies compliance with a rigorous baseline of security controls required for federal systems. FedRAMP status includes:
- Continuous monitoring and real-time threat detection
- Detailed documentation through a System Security Plan (SSP)
- Annual independent assessments and ongoing compliance reporting
This designation enables federal agencies to confidently use Civis Platform for their sensitive workloads.
Responsible Data Stewardship
We believe security is not just about technology—it’s about stewardship. Every member of our team is trained in security best practices and held accountable to Civis’ high standards of confidentiality, integrity, and transparency.
Through our product design framework and governance, we aim to empower you with tools that are not only powerful and intuitive, but secure by default.