7Sigma Security and Compliance Policy
As of March 2026
7Sigma is committed to protecting customer data through strong technical controls, secure engineering practices, and a culture of security across our organization. Security is built into every layer of the 7Sigma platform, from infrastructure to application design. We align our program with industry-accepted standards, including SOC 2, ISO 27001, NIST CSF, and leading cloud-security best practices.
Industry Compliance
7Sigma complies with major privacy regulations by ensuring lawful and secure handling of personal data. Where required, we support GDPR rights for individuals and follow CCPA requirements for transparency and control of personal information. We do not handle cardholder data, so PCI DSS is not applicable to our services.
Data Center & Physical Security
7Sigma operates on secure hosted data centers certified for ISO 27001, SOC 2, and PCI DSS Level 1. These facilities provide a secure and resilient infrastructure with redundant power, cooling, and fire suppression, along with strong on-site security measures such as multi-factor facility access, 24/7 on-site security personnel, intrusion detection, continuous surveillance, and robust environmental controls.
Data Hosting Location
7Sigma stores customer data in secure hosted data centers located in the United States. Hosting in other jurisdictions can be supported on a case-by-case basis.
Network Security
7Sigma’s security program combines a knowledgeable security team with a defense-in-depth network architecture that uses security services, web application firewalls, network segmentation, and least-privilege access controls. Our teams monitor system activity, review logs, and investigate alerts to identify and respond to potential issues, while our secure hosted data center’s built-in traffic filtering, network isolation, and DDoS mitigation help maintain reliability and service availability.
Intrusion Detection & Threat Intelligence
We monitor network activity using automated detection systems and participate in trusted threat-intelligence channels to stay aware of emerging risks. Alerts are evaluated and escalated based on severity.
Logical Access Controls
Access to production systems follows strict least-privilege principles, with MFA required for all administrative and sensitive operations. Access rights are regularly reviewed and audited, and all administrative actions are logged and monitored to ensure accountability and security.
Security Incident Response
7Sigma maintains documented incident response procedures that cover detection, triage, communication, and remediation. High-severity alerts are escalated immediately, roles and responsibilities are clearly defined, and involved employees receive appropriate training to ensure effective response.
Encryption
All data is protected with up-to-date encryption standards during transmission.
Availability & Business Continuity
7Sigma ensures strong service reliability through multi-zone redundancy in our secure hosted data center, applied as needed, and through disaster recovery plans that include backups, failover procedures, and regular testing.
Application Security
7Sigma follows secure development practices, including annual training and strict separation of development, staging, and production environments. Code is reviewed and tested before release to help ensure quality and security.
Product Security
7Sigma provides secure authentication through native login and SSO options, enforces strong password requirements, and offers granular role-based access controls. New device logins are tracked to enhance account visibility and security.
Human Resources Security
7Sigma ensures a trusted workforce through required security awareness training for all employees, comprehensive background checks for employees and contractors, and mandatory confidentiality and non-disclosure agreements.
7Sigma continually evaluates and enhances its security practices to ensure the protection, confidentiality, and integrity of customer data.