Security & Trust Center
Your security is our top priority. Learn how we protect your data and maintain the highest security standards.
Our Security Commitment
At TigerTrust, security isn't just a feature—it's the foundation of everything we do. As a certificate lifecycle management platform trusted by Fortune 500 companies, we understand the critical importance of protecting your infrastructure and data.
We implement defense-in-depth security strategies, conduct regular third-party audits, and maintain certifications from leading security frameworks to ensure your data is protected at every layer.
Comprehensive Security Features
Multi-layered security controls to protect your certificates and infrastructure
- TLS 1.3 for all data in transit with perfect forward secrecy
- AES-256 encryption for data at rest across all storage systems
- Quantum-safe cryptography support for future-proof security
- HSM integration for private key protection
- Multi-factor authentication (MFA) required for all users
- SSO/SAML integration with Okta, Azure AD, Google Workspace
- Role-based access control (RBAC) with granular permissions
- Just-in-time (JIT) access provisioning
- Immutable audit trails for all system activities
- Real-time logging of certificate operations and access events
- 7-year retention for compliance requirements
- SIEM integration for centralized monitoring
- SOC 2 Type II certified data centers
- DDoS protection and web application firewall (WAF)
- Network isolation and micro-segmentation
- Geographic redundancy across multiple regions
Industry Certifications & Compliance
Independently verified security and compliance standards
SOC 2 Type II
Annual third-party audit of security, availability, and confidentiality controls
ISO 27001
International standard for information security management systems
GDPR Compliant
Full compliance with EU General Data Protection Regulation
PCI DSS
Payment Card Industry Data Security Standard compliance
HIPAA Ready
Business Associate Agreement (BAA) available for healthcare customers
FedRAMP
Federal Risk and Authorization Management Program
Security Incident Response
We maintain a comprehensive incident response program to quickly detect, respond to, and recover from security events.
24/7 Monitoring
- Round-the-clock security operations center (SOC)
- Automated threat detection and alerting
- Real-time anomaly detection using AI/ML
- Intrusion detection and prevention systems (IDS/IPS)
Rapid Response
- Dedicated incident response team on standby
- Documented incident response procedures
- Customer notification within 24 hours of confirmed breach
- Post-incident analysis and remediation
Responsible Disclosure
We welcome reports from security researchers and maintain a bug bounty program. If you discover a security vulnerability, please report it to:
security@tigertrust.io
PGP Key: Download Public Key
Security Best Practices for Customers
Recommendations to maximize your security posture
Enable Multi-Factor Authentication
Require MFA for all users and integrate with your SSO provider for centralized access control.
Implement Least Privilege Access
Use RBAC to grant users only the permissions they need. Regularly review and audit access rights.
Monitor Audit Logs Regularly
Review audit logs for unusual activity and integrate with your SIEM for comprehensive monitoring.
Configure Expiration Alerts
Set up automated alerts for certificate expiration and policy violations to prevent outages.
Use API Keys Securely
Rotate API keys regularly, store them securely, and never commit them to version control.
Questions About Our Security?
Our security team is here to answer your questions and provide additional documentation
Email: security@tigertrust.io