Security & Compliance

Security is a top priority at Costello. That’s why we build upon the industry’s most reliable, scalable, and secure cloud computing technologies and employ policies and procedures that negate risk.

We understand that your sales data is sensitive and offer controls that allow you to connect only the data you need to. Users log in with single sign-on (SSO), allowing you to keep control of who can access your data. Everything a user does in Costello that affects your CRM is done on the user’s own behalf, thus respecting any permissions you have in place in your CRM.

Enterprise-Grade Security

Trust is central to our architectural design. Using industry-standard encryption and processes, along with the principle of least privilege, we ensure the smallest possible attack surface. Customers authenticate through their self-managed identity providers using SSO and secure exchange protocols, including OAuth 2.0 and HMAC-SHA256-signed web tokens. All data is encrypted in transit and at rest using the latest TLS and AES-256 standards.

SOC 2 Compliant

The SOC 2 report provides an attestation from an independent assessor that our controls are designed, implemented, and operating effectively to align with the trust services principles and criteria defined by the AICPA. Costello is certified as SOC 2 Type 2 compliant by a third-party audit firm, with the most recent period covering September 20th, 2018 to March 31st, 2019. Our SOC 2 report is available upon request.

GDPR (General Data Protection Regulation)

Costello has implemented a GDPR readiness program, which includes putting measures in place to identify and delete private data, ensuring all subcontractors are compliant, and updating our Privacy Policy.

Security Starts from the Inside

The majority of security breaches today can be attributed to people rather than software. Staff unintentionally, or sometimes intentionally, expose their credentials, which can negate many IT security efforts. Costello is proactive in minimizing the risk of these events. All staff members enable two-factor authentication on their accounts. By adhering to the principle of least privilege, staff have access only to the information required to do their jobs.