> ## Documentation Index
> Fetch the complete documentation index at: https://docs.monterey.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Security Overview

> An overview of Reforge Insights security features and practices.

# Governance

Reforge Insights establishes policies and controls, monitors compliance with those controls, and proves the security and compliacne to third-party auditors.

Employees are trained on security best-practices, are required to review, understand, and accept policies, and are granted the minimal access possible to data and applications required to perform their job duties.

# Compliance Standards

Reforge Insights is SOC 2 Type II compliant. Contact [support@monterey.ai](mailto:support@monterey.ai) to request our latest report.

# Data Security

* Data is encrypted at rest and in-transit.
* Data is backed-up regularly and stored long-term for recovery purposes.

# Product Security

* Penetration testing is performed annually by a third-party firm, covering all cloud infrastructure and application code.
* Vulnerability scanning is performed continuously, and vulnerabilities are remediated per the following SLAs:
  * Critical: 14 days
  * High: 30 days
  * Medium: 60 days
  * Low: 90 days
* Security training is provided to all employees annually.