Security Training, Response, And Resilience
How Graphite's people, plans, and processes stay ready for the unexpected.
Security depends on what your provider has in place before something happens — trained people, secured devices, tested plans, and documented procedures. This article covers the human side of Graphite's security posture and how we stay ready for the unexpected.
Security Training
Every Graphite employee completes mandatory security awareness training annually. The training covers:
- Recognizing and handling phishing and social engineering attempts.
- Secure handling of client information.
- Password hygiene and credential management standards.
- Incident identification and internal reporting protocols.
- Acceptable use policies for company systems and data.
Training completion is tracked and enforced across the organization. No employee is exempt, regardless of role or tenure.
Device Security
Every Graphite employee works on a company-managed device. Personal devices are not permitted to access client data or internal systems under any circumstance.
Every managed device is configured with:
- Full-disk encryption: All data stored on the device is encrypted at rest. If a device is lost or stolen, the data is inaccessible without authentication.
- Screen lock policies: Automatic screen locking is enforced after a defined period of inactivity, preventing unauthorized access to an unattended device.
- Endpoint protection: Real-time behavioral monitoring, threat detection, and autonomous containment run on every device through SentinelOne.
- Centralized device management: Security policies and configurations are pushed and enforced remotely, including remote wipe capability for any device that is lost, stolen, or needs to be decommissioned quickly.
Even if a device is lost or stolen, client data on that device cannot be compromised.
Incident Response
Graphite operates under a formal incident response program covering the full lifecycle of any security or privacy event.
- Incident response policy: Security and privacy incident response policies are formally documented and communicated to all authorized users.
- Annual testing: The incident response plan is tested at least annually to validate its effectiveness and identify gaps.
- Incident management: Security and privacy incidents are logged, tracked, resolved, and communicated to affected parties by management in accordance with the incident response policy.
- External reporting channel: An external-facing support system allows users to report system failures, incidents, concerns, and complaints to appropriate personnel.
Business Continuity and Disaster Recovery
Operations continuity is planned for, documented, and tested — so a disruption doesn't become a crisis.
- BC/DR plans: Business continuity and disaster recovery plans are in place, covering communication protocols and information security continuity in the event of key personnel unavailability.
- Annual testing: The BC/DR plan is tested at least annually to validate recovery procedures and identify areas for improvement.
- Cybersecurity insurance: Graphite maintains cybersecurity insurance to mitigate the financial impact of business disruptions caused by security incidents.
- Data backup: A formal data backup policy documents requirements for backup and recovery of client data, ensuring recoverability in the event of data loss or system failure.
Risk Management and Governance
Security practices stay current through a documented risk management program and ongoing governance.
- Annual risk assessments: Formal risk assessments are performed at least annually, covering threats, environmental and regulatory changes, and fraud risk. Results inform the company's risk mitigation strategy.
- Risk management program: A documented program provides guidance on threat identification, risk rating, and mitigation strategies across the organization.
- Security policies: Information security policies and procedures are formally documented and reviewed at least annually to remain current and effective.
Where to Go From Here
For the controls and infrastructure protecting your data, see Security Practices At Graphite. For how Graphite secures day-to-day communication and collaboration with you, see How Graphite Works With Client Data Securely. To report a suspected security issue, see How to Submit Requests.