Resources > Security

Resources

Security

An overview of Reforge's security features and practices.

Governance

Reforge Robotics establishes policies and controls, monitors compliance with those controls, and proves the security and compliance to third-party auditors.

Our policies are based on the following foundational principles:

  1. Least Privilege: Access should be limited to only those with a legitimate business needs, based on the principle of least privilege.
  2. Consistency: Security controls should be applied consistently across all areas of the enterprise.
  3. Defense in Depth: Security controls should be implemented and layered according to the principle of defense-in-depth.
  4. Continuous Improvement: The implementation of controls should be iterative, continuously improving effectiveness and decreasing friction.

Data Protection

Reforge Robotics ensures data is secure and not lost with the following practices:

Data at rest

All datastores are encrypted at rest. Sensitive resources and tables also use row-level encryption.

Data in transit

Reforge Robotics uses TLS 1.3 or higher everywhere data is transmitted over potentially insecure networks.

Data backup

Reforge Robotics backs-up all production data using a point-in-time approach. Backups are persisted for 30 days, and are globally replicated for resiliency against regional disasters.

Operational Security

Reforge Robotics institutes organization-wide practices to instill a culture of security and data privacy.

Security education

Reforge Robotics provides comprehensive security training to all employees upon onboarding and annually. Reforge's conducts threat briefings with employees to inform them of important security and safety-related updates that require special attention or action.

Identity access and management

Reforge Robotics employees are granted access to applications based on their role, and automatically deprovisioned upon termination of their employment. Further access must be approved according to the policies set for each application.

Multi-factor authentication is required for all employees to access company applications.