Security Overview
A summary of Lumari's security posture, certifications, and control coverage across all operational areas.
Infrastructure Highlights
- Encryption at rest and in transit
- Multi-factor authentication required
- Automatic TLS/HTTPS on all endpoints
- Row-level security for multi-tenant isolation
- Regular penetration testing
Data Protection
- Data classification policy
- Data retention procedures
- Vendor management program
- Incident response procedures
- Responsible AI usage policy
Documents
Restricted security and compliance documentation. Request access to view a full copy of any document.
Name
No documents found matching your search.
Security Controls
An overview of the security controls Lumari has implemented to protect customer data and maintain compliance.
Access Control and Authorization
6
Access management policy established
Account inventory maintained
Dormant accounts disabled
Employee access regularly reviewed
MFA required for critical services
Password management policy established
Data Management and Protection
3
Data encrypted in-transit
Data inventory maintained
Data management and retention policy established
Disaster Recovery
4
Business continuity and disaster recovery policy established
Data recovery process established
Disaster recovery plans tested
Recovery data isolated
Email Security
3
DMARC policy and verification used
Email account access restricted
Email settings block malicious content
Endpoint Security
4
Anti-malware deployed on end-user devices
Data encrypted on end-user devices
Firewall maintained on end-user devices
Mobile device management (MDM) used
Infrastructure Security
11
Active discovery tools used
Automated security scanning performed on infrastructure
Buckets not exposed publicly
Configuration management system established
Infrastructure changes logged
Infrastructure changes require review
Infrastructure deployed using an infrastructure-as-code tool
Production deployment access restricted
Unauthorized assets addressed and removed
Unique production database authentication enforced
Web Application Firewall (WAF) used
Monitoring and Incident Response
7
Audit log management process maintained
Audit logs collected
Incident response policy established
Incident review process implemented
Infrastructure performance monitored
Log management used
Network infrastructure monitored
Organizational Security
22
Acceptable use policy established
Asset inventory maintained
Asset management policy established
Board charter documented
Board oversight briefings conducted
Change management policy established
Changelog established and maintained
Code of conduct established
Company security commitments externally communicated
Data-flow diagrams maintained
External support resources available (i.e., documentation)
Offboarding process established
Onboarding process established
Policies signed by relevant personnel
Reference checks performed for employees
Roles and responsibilities specified
Security awareness training conducted
Service description communicated
Software development lifecycle established
System changes externally communicated
System changes internally communicated
Third-party security oversight conducted
Risk Management
4
Risk assessments performed
Risk management policy established
Vendor inventory maintained
Vendor management program established
Vulnerability Management
4
Penetration testing findings remediated
Penetration testing performed within the last 12 months
Vulnerabilities scanned
Vulnerability management policy established
No controls found matching your search.
FAQs
Answers to common security and product questions.
No FAQs found matching your search.
Subprocessors
Third-party services that Lumari uses to process data.
Service
Category
P
Porter
No subprocessors found matching your search.