Built for regulated work.
Your cost data and pricing strategies are crown jewels. Basis protects them with enterprise-grade encryption, access controls, and compliance certifications.
Certifications and frameworks
Meeting the standards your customers and auditors require.
Defense in depth
Multiple layers of protection for your most sensitive data.
AES-256 at rest
All data encrypted with AES-256-GCM at rest. Database fields, file uploads, and backups are encrypted before they touch disk.
TLS 1.3 in transit
Every connection uses TLS 1.3 with strong cipher suites. HSTS enforced. Certificate transparency monitored.
SSO / SCIM
Enterprise SSO via SAML 2.0 and OIDC. SCIM for automated user provisioning and deprovisioning. MFA enforced.
Full audit log
Every create, read, update, and delete is logged with actor, timestamp, and IP. Exportable and queryable. 7-year retention.
Least-privilege roles
Four built-in roles with granular permissions. Custom roles available on Enterprise. Tenant isolation enforced at the database layer.
Pen-tested annually
Annual third-party penetration tests by an independent firm. Findings tracked to resolution. Reports available under NDA.
Certification timeline
Our path to the highest levels of compliance assurance.
SOC 2 Type I
Controls design validated
SOC 2 Type II audit begins
Observation window opens
SOC 2 Type II certified
Full operational effectiveness
FedRAMP Moderate
On the roadmap
Request our security package
Everything you need for your vendor security review.
Security whitepaper
Architecture overview, data flow diagrams, and control descriptions in a single document.
Download PDF
Pen-test report
Latest third-party penetration test results available under NDA for qualified prospects.
Request under NDA
Security review call
Schedule a 30-minute call with our security team to discuss your specific requirements.
Schedule a call
Security questions?
Our team is happy to walk through our security posture, share documentation, or discuss your compliance requirements.