◎ Verified

Agentic third-party risk and security

Coverbase tailors AI to your program and controls, evaluated continuously across every single surface of exposure.

✉ security@coverbase.ai Privacy Policy Website

Compliance

S2SOC 2 Type II

ISO 27001

GDPR

CCPA

Controls

✓ Updated 2 days ago

Access Control

Multi-factor authentication enforced for all user and admin accounts

Data Security

All data encrypted at rest (AES-256) and in transit (TLS 1.2+)

Incident Response

Documented incident response plan with defined RTO/RPO and stakeholder notification procedures

Infrastructure Security

Production data backed up daily with point-in-time recovery; backups tested quarterly

Vulnerability Management

Annual penetration testing and continuous vulnerability scanning (SAST/DAST)

Data collected

✓Business contact information (name, email, title, company)

✓Vendor and supplier profile data (company details, risk scores, assessment responses)

✓Usage and audit log data (login events, feature usage, workflow activity)

✓Uploaded documents and evidence files (contracts, questionnaires, certifications)

FAQ

Is Coverbase SOC 2 certified?

Yes. Coverbase is SOC 2 Type II certified, independently audited against the AICPA Trust Services Criteria covering security, availability, and confidentiality. Our most recent report is available to customers and prospects under NDA — request access via security@coverbase.ai.

How does Coverbase handle my vendor data and documents?

All vendor data, uploaded documents, questionnaire responses, and evidence files are stored in logically isolated, encrypted environments (AES-256 at rest, TLS 1.2+ in transit). Customer data is never commingled across tenants and is never used to train shared models without explicit consent.

Does Coverbase support SSO and enterprise identity providers?

Yes. Coverbase supports Single Sign-On (SSO) via SAML 2.0 and SCIM-based user provisioning, with out-of-the-box integrations for Okta, Microsoft Entra ID, and Google Workspace. MFA is enforced for all production access.

Updates

SOC 2 Type II Report Now Available

Compliance

Published 2026-05-01

Coverbase has completed its SOC 2 Type II audit for the period ending March 2026. The report covers the Security, Availability, and Confidentiality trust service criteria and was conducted by an independent third-party auditor. Customers and prospects may request a copy under NDA by contacting security@coverbase.ai.

Annual Penetration Test Completed

Security

Published 2026-03-15

Coverbase completed its annual external penetration test conducted by a leading third-party security firm. All critical and high-severity findings have been remediated. Internal vulnerability scanning, SAST, and DAST processes continue to run continuously across all production systems.