TRUST CENTER
At Picus Security, we enable security teams to continuously validate and enhance organizations’ cyber resilience. The Picus Trust Center helps you discover all about our company’s corporate policies and practices, legal information and materials that explain how we comply with privacy and security fundamentals.
Welcome to the PICUS Vulnerability Disclosure Program! This program provides detailed information about the systems and research areas covered, along with instructions on how to submit vulnerability reports. We kindly request to adhere to a waiting period before publicly disclosing any vulnerabilities you might have found. If you believe you have discovered a vulnerability, please reach out to us by filling out the report below
What is The Picus Trust Center?
The Picus Trust Center is a centralized resource, which is created to inform you about our corporate policies and practices, legal information and materials that explain how Picus Security complies with security and privacy fundamentals.
Which standards, regulations and best practices does Picus compliant with?
Picus holds ISO/IEC 27001:2013, ISO/IEC 22301:2019 and ISO/IEC 20000-1:2018 certificates and AICPA SOC 2 Type 2 report
Does Picus conduct third-party risk assessments?
Yes, Picus conducts third party risk assessments on a regular basis and continuosly monitors the third parties which provide critical services to the business. It should be noted that no third party vendors have system administration level privileges to Picus services.
Does Picus have a documented, approved, and communicated information security policy?
Picus has ISO/IEC 27001:2013 certification and conducts its processes within an Information Security Management System under this international standard. The Information Security Policy is approved by Picus’ Senior Management team and announced to employees and relevant external parties.