Trust Center

Last updated: April 13, 2026

Our Commitment to Client Data Security

Crush Security Group, Inc. is committed to protecting the confidentiality, integrity, and availability of client information. We hold ourselves to the same rigorous standards we help our clients achieve. The controls, certifications, and practices described in this document apply across all Crush Security service lines: Services as a Platform, Software Resell, and Threat Intelligence.

Active Certifications

Certification | Status | Scope
ISO/IEC 27001:2022 | Pending final audit report (Q2) | Information Security Management System (ISMS) covering all 93 Annex A controls. Subject to annual surveillance audits.
SOC 2 Type II | Pending observation period | SOC 2 Type II examination completed across Security, Availability, and Confidentiality Trust Services Criteria.

Information Security Practices

Client data is handled in strict accordance with our certified ISMS and the controls outlined in our Statement of Applicability. The following practices apply across all client engagements:

Confidentiality & Access Control

Access to client deliverables, assessment findings, and credentials is limited to personnel with a documented need-to-know. All engagements are governed by mutual non-disclosure agreements and data processing agreements as required. Client data is encrypted in transit and at rest and is never shared outside the defined engagement scope.

Risk Management & Continuous Improvement

Crush Security conducts ongoing risk assessments, internal audits, and management reviews to ensure security controls remain effective and aligned with evolving threats. Risk treatment decisions are documented and tracked to completion. The ISMS is reviewed at planned intervals and updated to reflect changes in the threat landscape, regulatory environment, and business context.

Personnel & Ethical Obligations

All Crush Security personnel are subject to background screening, annual security awareness training, and a Consultant Code of Conduct with documented ethical obligations. Personnel handling client data complete role-specific training commensurate with their access level and engagement responsibilities.

Business Continuity & Incident Response

Business continuity and incident response plans are documented, tested on a regular cadence, and updated following material changes to operations. In the event of a security incident affecting client data, Crush Security will notify affected parties in accordance with applicable contractual and regulatory obligations.

Certification Verification & Contact

To request certification documentation or to submit a security inquiry, contact info@crushsecurity.com.