Compliance Features
Meet your organization's compliance requirements.
Compliance Overview
BlockSecOps Enterprise supports:
- SOC 2 Type II
- GDPR
- CCPA
- Industry-specific requirements
Audit Logs
What's Logged
All security-relevant actions:
- User authentication
- Resource access
- Configuration changes
- API calls
- Data exports
Log Details
Each entry includes:
- Timestamp
- User identity
- Action performed
- Resource affected
- IP address
- Result (success/failure)
Retention
| Plan | Retention |
|---|---|
| Standard | 90 days |
| Enterprise | 2 years (configurable) |
Accessing Logs
Dashboard:
- Go to Settings → Audit Logs
- Filter by date, user, action
- Export as needed
API:
```bash
curl -X GET "https://api.blocksecops.com/api/v1/audit-logs" \
  -H "Authorization: Bearer YOUR_API_KEY"
```
Data Residency
Available Regions
| Region | Location |
|---|---|
| US | AWS us-east-1, us-west-2 |
| EU | AWS eu-west-1 |
| Asia-Pacific | AWS ap-southeast-1 |
Configuration
Enterprise customers can:
- Select primary region
- Configure data boundaries
- Ensure compliance with local regulations
Contact your CSM to configure.
Data Retention
Configurable Policies
Set retention for:
| Data Type | Options |
|---|---|
| Scan results | 30 days - 5 years |
| Source code | Immediate delete - 1 year |
| Audit logs | 1 year - 7 years |
| User data | Until deletion |
Automatic Deletion
Configure automatic purging:
- Go to Settings → Data Retention
- Set retention periods
- Enable automatic deletion
- Save
Manual Deletion
Delete specific data:
- Individual contracts
- Individual scans
- User data (GDPR)
Access Control
Role-Based Access
Granular permissions:
| Role | Capabilities |
|---|---|
| Owner | Full access, billing |
| Admin | Manage users, settings |
| Member | Standard operations |
| Viewer | Read-only |
Custom Roles
Enterprise customers can define custom roles:
- Specific permission sets
- Project-level access
- Feature restrictions
Access Reviews
Regular review features:
- User access reports
- Last login tracking
- Permission audits
- Inactive user detection
Data Encryption
At Rest
- AES-256 encryption
- Customer-managed keys (optional)
- Key rotation support
In Transit
- TLS 1.3
- Strong cipher suites
- Certificate pinning (mobile)
Key Management
Enterprise options:
- BlockSecOps-managed keys
- Customer-managed keys (BYOK)
- HSM integration
Security Certifications
SOC 2 Type II
We maintain SOC 2 certification covering:
- Security
- Availability
- Confidentiality
Request Report: Contact your CSM
Penetration Testing
- Annual third-party testing
- Quarterly vulnerability scans
- Bug bounty program
Reports Available: Upon request with NDA
GDPR Compliance
Data Subject Rights
BlockSecOps supports:
- Access: Export user data
- Rectification: Update user data
- Erasure: Delete user data
- Portability: Export in standard formats
Data Processing
- Standard Contractual Clauses available
- DPA (Data Processing Agreement) included
- Sub-processor list maintained
Breach Notification
- Detection monitoring
- 72-hour notification commitment
- Incident response procedures
Export Controls
Data Export
Export all organization data:
- Go to Settings → Data Export
- Select data types
- Generate export
- Download
Formats
- JSON (machine-readable)
- CSV (spreadsheets)
- PDF (reports)
Compliance Reporting
Available Reports
Generate compliance reports:
- Access audit report
- Activity summary
- Configuration report
- Security posture
Scheduled Reports
Automate report generation:
- Go to Settings → Reports
- Configure schedule
- Set recipients
- Enable
Compliance Checklist
SOC 2 Alignment
- Access controls
- Encryption at rest
- Encryption in transit
- Audit logging
- Incident response
- Change management
GDPR Alignment
- Data minimization
- Purpose limitation
- Storage limitation
- Data subject rights
- Privacy by design
- Breach notification
On-Premise Compliance
For maximum control:
- Deploy in your infrastructure
- Your security controls
- Your compliance boundary
- Your audit procedures
See Enterprise Quickstart for deployment options.
Getting Help
Compliance Questions
Contact your CSM for:
- Compliance documentation
- Security questionnaires
- Custom requirements
- Audit support
Security Incidents
Report to: [email protected]
Next Steps
- SSO Configuration - Identity compliance
- Audit Logs - Logging details
- Enterprise Quickstart - Full setup