Trust Center

We hold the crown jewels of your security program.
We treat them that way.

Scan Ninja ingests vulnerability telemetry, audit evidence, and compliance gaps from your environment. This page is how we proactively answer the questions your Infosec team is going to ask.

SOC 2 Type II

Audit in progress

NIST 800-171 / CMMC 2.0

Aligned controls

AES-256 · TLS 1.3

Encrypted end to end

Delaware C-Corp

D-U-N-S 134682197

How we operate

Compliance Posture

SOC 2 Type II audit in progress. Controls aligned to NIST 800-171 and CMMC 2.0. We use Scan Ninja to maintain our own continuous compliance — proof of concept for every buyer.

AI Data Boundaries

Your vulnerability telemetry is siloed to your tenant. We never use customer data to train shared or public models. AI remediation guidance is grounded strictly in your environment, with human-in-the-loop approvals.

Encryption & Isolation

AES-256 at rest, TLS 1.3 in transit. Logical tenant separation across data, compute, and AI inference. Documented retention and deletion policies.

Access Control

Role-based access with least privilege. Internal support cannot view sensitive customer data without explicit, time-bound, audited consent.

Integration Security

Connections to Tenable and other scanners use OAuth 2.0 or scoped API tokens, request read-only / least-privilege access, and store credentials in a managed secrets vault.

Incident Response

Defined SLAs for Critical / High / Medium / Low platform vulnerabilities. Customer notification within 24–48 hours of a confirmed security incident, via designated platform admins.

Responsible disclosure

If you believe you've found a security vulnerability in the Scan Ninja platform, please report it via the address in our security.txt. We commit to acknowledging reports within two business days and to keeping researchers informed throughout triage and remediation.