Our partners entrust us to handle sensitive information as we provide insurance options for their clients, which is why we’ve built security directly into our process. Our Secure Software Development Life Cycle (SSDLC) integrates a multi-disciplinary team to collaborate on security concerns throughout our entire product development cycle.
Our Network Operations Center (NOC) utilizes state-of-the-art Security Information and Event Management (SIEM) to provide 24x7 network monitoring, intrusion prevention and detection alerting. All sites deploy firewalls and traffic monitoring to ensure the security, stability, and reliability of our network and systems.
In addition to application and network security, all devices accessing our network are managed and secured. WOOP workstations and mobile devices are centrally managed, fully encrypted, and utilize anti-virus and anti-malware protections. Secure VPNs (Virtual Private Networks) are used to connect offices and remote users.
WOOP offices are under continuous video surveillance, and access is controlled by programmable key fobs. Any visitors are escorted at all times by staff members. Cloud infrastructure providers are certified for SOC2 or ISO 27001:2013 compliance. All physical hosting locations provide multiple layers of security, including biometrics, physical guards, cameras, and secure equipment racks/cages.
We require annual evaluation of all third-party vendors for data security and compliance, and we perform background checks on all staff members. Woop maintains PCI-DSS certification, and values SOC2, CCPA, and NYDFS compliance. Woop's information security policies and processes are managed and monitored through our centralized Governance, Risk & Compliance (GRC) platform.
Our Confidentiality & Security Team (CST) oversees WOOP’s security program. We recognize information must be managed and protected, as it has a significant impact on our products, partners, and end consumers.