Trust Center

Build protects your knowledge and your data with enterprise-grade security and compliance.

Compliance

SOC 2 Type II
SOC 2 Type I

Controls

76 controls across 25 categories

Asset management

Comprehensive inventory and lifecycle controls prevent unauthorized devices from accessing systems or sensitive data.

  • Technology asset inventory
  • Secure media disposal

Business continuity and disaster recovery

Tested failover systems and validated recovery plans keep services running and data intact during disruptions.

  • Emergency operations continuity
  • Multi-availability zone deployment
  • Business continuity and disaster recovery plan

Capacity and performance planning

Proactive monitoring and scaling mechanisms maintain service availability and responsiveness during demand spikes.

  • Capacity and performance monitoring

Change management

Structured review and approval gates stop destabilizing or unauthorized changes from reaching production environments.

  • Material system change communication
  • Customer notification for major changes

Cloud security

Defense-in-depth controls across identity, network and configuration protect cloud infrastructure from unauthorized access and exposure.

  • Cloud provider physical access review

Configuration management

Enforced baselines and automated drift detection eliminate insecure configurations before they create exposure.

  • Baseline configuration management

Continuous monitoring

Always-on visibility enables rapid detection and containment of suspicious activity across all systems.

  • Centralized log collection and monitoring

Cryptographic protections

Strong encryption preserves data confidentiality at rest and in transit against interception or theft.

  • Production key management
  • Encryption at rest
  • Encryption in transit

Cybersecurity and data privacy governance

Executive accountability and robust policies align security programs with regulatory, contractual and business requirements.

  • Board security briefings
  • Governance committee bylaws
  • Annual strategic planning

Data classification and handling

Sensitivity-based rules govern storage, transmission, retention and disposal to guard against unauthorized disclosure.

  • Data retention and deletion policy
  • Customer data deletion
  • Data classification and access control

Endpoint security

Managed protection and hardened configurations defend workstations and laptops against compromise and data theft.

  • Anti-malware protection
  • Removable media controls

Human resources security

Thorough screening, structured training and prompt offboarding ensure personnel act as trusted data stewards.

  • Employee confidentiality agreements
  • Termination access revocation
  • Employee background checks

Identification and authentication

Strong verification and access controls deny unauthorized users entry to systems and sensitive data.

  • Access control procedures
  • Session timeout enforcement
  • Least-privilege access for production infrastructure

Incident response

Prepared teams and practiced playbooks enable rapid containment and clear stakeholder communication during security events.

  • Security concern resolution
  • Incident response procedures
  • Security incident logging

Information assurance

Integrity validation detects unauthorized modification and confirms data remains accurate and complete throughout its lifecycle.

  • Security documentation availability

Mobile device management

Enforced policies and remote controls shield sensitive data on phones and tablets from loss or compromise.

  • Mobile device management

Network security

Segmentation, filtering and intrusion detection block unauthorized traffic and contain lateral movement across the network.

  • Secure connection requirements
  • Firewall rule management
  • Network firewall

Physical and environmental security

Robust facility protections and strict access restrictions secure infrastructure from physical threats and unauthorized entry.

  • Visitor management policy

Risk management

Formal evaluation processes surface, rank and address organizational threats before they materialize into incidents.

  • Security and privacy risk management
  • Annual risk assessment
  • Cybersecurity insurance

Secure engineering and architecture

Security-first design principles and rigorous review gates stop vulnerabilities from reaching production systems.

  • Source code access controls
  • Source code change approval
  • Secure development procedures

Security awareness and training

Regular education and targeted exercises equip employees to recognize and defeat social engineering and common mistakes.

  • Security awareness training

Security operations

Dedicated teams and mature procedures maintain continuous protection of systems and customer data.

  • Intrusion detection
  • Customer support availability

Third-party management

Rigorous evaluation and ongoing review limit exposure introduced by vendors, partners and subprocessors.

  • Outsourced development security
  • Vendor management program
  • Contractor confidentiality agreements

Vulnerability and patch management

Proactive scanning and prioritized remediation close security gaps before attackers can exploit them.

  • Vulnerability scanning and remediation
  • Patch management

Web security

Hardened applications and multi-tier defenses shield customer-facing systems from injection, fraud and abuse.

  • Web application firewall