Skip to main content

Documentation Index

Fetch the complete documentation index at: https://help.scribe-mail.com/llms.txt

Use this file to discover all available pages before exploring further.

Scribe follows rigorous internal procedures to ensure security is maintained across the organization. Here is a summary of the key processes we have in place.

Business continuity and disaster recovery

We have Business Continuity and Disaster Recovery Plans that outline communication strategies designed to maintain information security continuity in the event of the unavailability of key personnel.

Configuration management

A configuration management procedure ensures that system configurations are deployed consistently throughout our environment. This reduces the risk of misconfiguration and keeps all systems aligned with our security standards.

Development lifecycle

Scribe follows a formal systems development life cycle (SDLC) methodology. This governs the development, acquisition, implementation, changes (including emergency changes), and maintenance of information systems and related technology requirements.

Roles and responsibilities

Company management has established clearly defined roles and responsibilities to oversee the design and implementation of information security controls. Everyone on the team knows their role in keeping your data safe.

Incident response

We have security and privacy incident response policies and procedures that are documented and communicated to all authorized users. If something goes wrong, we have a plan in place to respond quickly and effectively.

Physical access controls

We maintain processes for granting, changing, and terminating physical access to company data centers. All physical access is based on authorization from control owners. Access to data centers is reviewed at least annually to ensure it remains appropriate.

Risk management

Scribe has a documented risk management program that includes guidance on identifying potential threats, rating the significance of associated risks, and defining mitigation strategies for those risks. All of these controls are verified as part of our SOC 2 Type II compliance process. For more details on our certifications, visit our Trust Center.