Security Transparency
Independent verification of our security controls and infrastructure
Audit Reports
Independent third-party assessments of our voting platform security
| Report | Type | Auditor | Findings | Status | Download |
|---|---|---|---|---|---|
2023 Q4 Full Security Audit | ISO 27001 Recertification | Deloitte Cybersecurity | 2 Minor | Remediated | |
2023 Q2 Penetration Test | Web/Mobile/USSD | Cure53 | 1 Critical | Remediated | |
2022 Q4 Infrastructure Audit | AWS Security Review | Amazon Security | 3 Medium | Remediated | |
2022 Q2 Cryptographic Review | Voting Algorithm Audit | NCC Group | 0 | Verified |
Certifications
Industry-recognized certifications validating our security controls
ISO 27001:2022
Scope: Information Security Management
Issued: 1/15/2023
Expires: 1/14/2026
Auditor: BSI Group
SOC 2 Type II
Scope: Security, Availability, Confidentiality
Issued: 3/1/2023
Expires: 3/1/2024
Auditor: PricewaterhouseCoopers
PCI DSS v4.0
Scope: Payment Card Security
Issued: 6/20/2023
Expires: 6/19/2024
Auditor: Qualys
Security Metrics
Quantitative measures of our security performance
Voting System Uptime
Last 12 months
Critical Patch Deployment
Average time
Vulnerability Detection
Mean time to identify
Security Training Completion
Employee compliance
Vulnerability Disclosure
We welcome responsible disclosure of security vulnerabilities. If you've discovered a potential security issue in our platform, please report it to our security team.
Our Commitment:
- We will respond to your report within 24 hours
- We will keep you informed throughout the remediation process
- We will credit researchers for discovered vulnerabilities (if desired)
Reporting Guidelines:
- Provide detailed reproduction steps
- Include proof-of-concept code if applicable
- Do not exploit the vulnerability or access user data
- Allow reasonable time for remediation before public disclosure
Need Additional Security Information?
Request our complete security documentation package for enterprise clients.