At LLUMO AI, we follow enterprise-grade security standards and privacy-by-design principles to protect your data. Here is a brief overview of the standard operating procedures we follow.
AES 256: Completed
MFA: Completed
SOC2 Type2: In progress
TLS 1.3: Completed
SSL: Completed
Compliance overview
Current compliance status across frameworks
Access Control and Authorization
Access granting process used
Dormant accounts disabled
Employee access is regularly reviewed
MFA required for critical services
Password management policy enforced
Data Management and Protection
Data encrypted at rest
Data encrypted in transit
Data inventory maintained
Data management and retention policy established
Disaster Recovery
Automated backups enabled
Business continuity and disaster recovery policy established
Data recovery process established
Disaster recovery plans tested
Recovery data isolated
Email Security
DMARC policy and verification used
Email account access restricted
Email settings block malicious content
Endpoint Security
Anti-malware deployed on end-user devices
Data encrypted on end-user devices
Firewall maintained on end-user devices
Infrastructure Security
Active discovery tools used
Automated security scanning performed on infrastructure
Buckets not exposed publicly
Configuration management system established
Firewall restricts public access to infrastructure
Infrastructure deployed using an infrastructure-as-code tool
Production deployment access restricted
Unauthorized assets addressed and removed
Unique production database authentication enforced
Monitoring and Incident Response
Audit log management process maintained
Audit logs collected
Incident response policy established
Infrastructure performance monitored
Log management used
Network infrastructure monitored
Organizational Security
Acceptable use policy established
Asset inventory maintained
Asset management policy established
Code of conduct acknowledged by employees
Code of conduct established
Company commitments externally communicated
Confidentiality Agreement acknowledged by employees
External support resources available (e.g., documentation)
Offboarding process established
Onboarding process established
Performance evaluations conducted
Physical access restricted
Reference calls performed for employees
Roles and responsibilities specified
Security awareness training conducted
Service description communicated
Software development lifecycle established
Risk Management
Risk management policy established
Vendor inventory maintained
Vendor management program established
Vulnerability Management
Penetration testing findings remediated
Penetration testing performed
Vulnerability management policy acknowledged by employees