Ato - Trust Center
Compliance and Security Portal for Ato.
Framework overview
An overview of Ato's compliance status across common frameworks like SOC 2, ISO 27001, ISO 9001, and GDPR.
ISO 27001
In progress
26Policies
An up to date list of policies published internally by Ato.
Vendor & Third-Party Risk
Physical Security & Environmental
Secure Software Development Lifecycle
Encryption & Crypto Controls
Background Screening & On/Off-boarding
Retention & Secure Disposal
Sanctions & Disciplinary
Backup, Business Continuity & Disaster Recovery
Incident Response & Breach Notification
Information Sharing & Transfer
Logging, Monitoring & Audit
Code of Business Conduct
Secure Configuration & Hardening
Acceptable Use & Workstation Security
Vulnerability & Patch Management
35Controls
An up to date list of controls published internally by Ato.
Backup logs
Utility Monitoring
Secure Code
Secure Secrets
Employee Verification
Contact Information
Separation of Environments
Incident Response
Board Meetings & Independence
Encryption at Rest
Public Policies
App Availability
Statement of Applicability
Access Review Log
Employee Access
Secure Storage
15Subprocessors & Vendors
Third-party vendors and subprocessors used by Ato.
Claude
SOC 2,ISO 27001,ISO 42001,HIPAA
Cursor
SOC 2
Expo
SOC 2
GitHub
SOC 2,PCI DSS,GDPR
SOC 2,ISO 9001
Grafana Labs
SOC 2,PCI DSS
Intercom
SOC 2,ISO 27001,GDPR,HIPAA
Linear
SOC 2,GDPR,HIPAA
Resend
SOC 2,GDPR
Shopify
PCI DSS,SOC 2
Slack
SOC 2
Stripe
SOC 2
Supabase
SOC 2,HIPAA
Tailscale
SOC 2
Vercel
SOC 2,ISO 27001,PCI DSS,HIPAA,GDPR