Our Commitment to Security
At Orbit, protecting customer data and ensuring compliance is core to our mission. We design, operate, and evolve our platform with security and privacy front and center.
Governance & Control Framework
- We maintain formal security policies and controls, and continuously monitor compliance with them.
- Access is granted on a least-privilege basis and reviewed to ensure only the right people have access.
- Internal roles and responsibilities are defined to manage oversight, change control, and risk.
Hosting & Infrastructure
- Orbit is hosted on Amazon Web Services (AWS) across U.S. regions.
- AWS data centers hold industry-recognized certifications (SOC 2, ISO 27001, PCI DSS).
- Environments are logically isolated per customer to prevent unauthorized cross-access.
Data Protection & Secrets
- All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Backups are encrypted and stored securely across regions with redundancy.
- Secrets, encryption keys, and credentials are stored in secure vaults (e.g. AWS Key Management Service, Secrets Manager) and access is tightly controlled.
Access & Identity Management
- Access to systems and data is limited to those with a valid business need.
- Multi-Factor Authentication (MFA) is required for administrative or elevated access.
- Identity and access management tools enforce role-based access and automated deprovisioning when employees depart or change roles.
Monitoring, Logging & Patching
- Infrastructure, applications, and security alerts are monitored continuously.
- Logging and audit trails are centralized for visibility, accounting, and forensic needs.
- Systems, dependencies, and software components are patched regularly to mitigate vulnerabilities.
Vendor & Third-Party Risk
- We evaluate the security posture of all vendors who integrate with or access our systems.
- Risk-based reviews determine whether a vendor can be onboarded, and we require appropriate security safeguards (e.g. encryption, contractual protections).
Employee Security & Awareness
- All employees are bound by confidentiality obligations and security policies.
- Regular security training and awareness programs ensure staff understand threats and best practices.
- Company devices are secured (e.g. encryption, antivirus, secure configurations).
Compliance & Assurance
- Orbit aligns with SOC 2 security principles and regularly undergoes risk assessments.
- As we mature, we expect to broaden our compliance commitments and provide transparency to customers.
