Podio security
Podio Service Organization Control (SOC) 2 Report
A SOC (System and Organization Control) report is designed to help Podio build trust and confidence in the service performed and controls related to the service through a report by an independent assessor.
The SOC 2 report is used to display the controls that a service provider has in place. The report is intended to provide detailed information and assurance about the controls at a service organization relevant to processing users’ data and keeping that data private and confidential. The SOC 2 touches on three (3) overall Trust Principles that a cloud provider can choose to report on. These include:
-
Security: protecting against unauthorized access or changes.
-
Availability: ensuring it will be up and running as needed.
-
Confidentiality: information in the system is properly protected.
The Podio SOC 2 attestation reports are issued by an outside auditor, whose role is to assess the extent to which we comply with our selected Trust Principles based on the systems and processes in place.
You can find Podio certification details on Cloud Software Group (CSG) Trust Center
Podio’s SOC 2 Type II report is available upon request.
-
Users with existing MyCitrix account: Login to MyCitrix account to access reports from Portal
-
Users without existing MyCitrix account: Please contact your sales representative or contact Podio support team to request for the report
Coming soon:
A new ShareFile/Podio Trust Center to easily request product certification reports!
Here are some key elements about security at Podio:
- Customer-uploaded data is hosted through Amazon Web Services in Dublin.
- HTTPS Encryption exists on all data between the Podio service and the client web browser.
- Login without encryption isn’t an option.
- Podio servers are firewalled and only those services which are required to be running are listening.
- Connections between servers are made using encrypted secure tunnels.
- Podio employees can’t access customer-uploaded data in Podio without prior customer consent.
- No super-user account exists in the organization. All accounts are private to each individual user.
- Read our privacy policy here: https://www.cloud.com/privacy-policy
- All data is backed up nightly and copied to another off-site location.
- Access all your uploaded data programmatically using the Podio API: https://developers.podio.com/
- Multiple client libraries available.
- Import and export data or connect external services to Podio using the API.
- Regular security audits are carried out by internal security team
- Citrix Security Exhibit: https://www.citrix.com/buy/licensing/citrix-services-security-exhibit.html
Reporting a product security vulnerability
If you believe you have discovered a potential security vulnerability related to Podio or any other ShareFile product or service, please report a security issue at the Citrix Trust Center.
Our Security Whitepaper is also attached. Please see this for additional information.