PULLPO logo|PULLPO's Trust Center

PULLPO

Pullpo is the tool to detect, analyze, and prioritize bottlenecks in your development teams. By analyzing objective data and feedback from developers, Pullpo provides a holistic view of your team's health.

security@pullpo.ioPrivacy Policy

Controls

Infrastructure security

Control Status

Unique production database authentication enforced

The company requires authentication to production datastores to use authorized secure authentication mechanisms, such as unique SSH key.

Unique account authentication enforced

The company requires authentication to systems and applications to use unique username and password or authorized Secure Socket Shell (SSH) keys.

Production application access restricted

System access restricted to authorized access only

Production database access restricted

The company restricts privileged access to databases to authorized users with a business need.

Production network access restricted

The company restricts privileged access to the production network to authorized users with a business need.

Unique network system authentication enforced

The company requires authentication to the "production network" to use unique usernames and passwords or authorized Secure Socket Shell (SSH) keys.

Remote access encrypted enforced

The company's production systems can only be remotely accessed by authorized employees via an approved encrypted connection.

Infrastructure performance monitored

An infrastructure monitoring tool is utilized to monitor systems, infrastructure, and performance and generates alerts when specific predefined thresholds are met.

Network firewalls utilized

The company uses firewalls and configures them to prevent unauthorized access.

Organizational security

Control Status

Production inventory maintained

The company maintains a formal inventory of production system assets.

Anti-malware technology utilized

The company deploys anti-malware technology to environments commonly susceptible to malicious attacks and configures this to be updated routinely, logged, and installed on all relevant systems.

Password policy enforced

The company requires passwords for in-scope system components to be configured according to the company's policy.

MDM system utilized

The company has a mobile device management (MDM) system in place to centrally manage mobile devices supporting the service.

Product security

Control Status

Data encryption utilized

The company's datastores housing sensitive customer data are encrypted at rest.

Control self-assessments conducted

The company performs control self-assessments at least annually to gain assurance that controls are in place and operating effectively. Corrective actions are taken based on relevant findings. If the company has committed to an SLA for a finding, the corrective action is completed within that SLA.

Internal security procedures

Control Status

Cybersecurity insurance maintained

The company maintains cybersecurity insurance to mitigate the financial impact of business disruptions.

Board charter documented

The company's board of directors has a documented charter that outlines its oversight responsibilities for internal control.