TRUST & COMPLIANCE

Trusted by the teams that trust no one

HiveWatch security: SOC 2 Type II audited, independently pen-tested, and continuously monitored.

PROOF, NOT PROMISES

Audited, certified, and aligned to critical security frameworks.

SOC 2 Type II

Independently audited annually by a CPA firm against the AICPA Trust Services Criteria for Security. Our SOC 2 Type II report is available by request.

NIST Cybersecurity

Security controls map to NIST standards including 800-53, supporting customers with regulated-industry compliance requirements.

GDPR

Supports customers operating under EU data protection law. We maintain data processing practices compliant with GDPR requirements.

CCPA

HiveWatch does not sell, share, or disseminate personal data to any third party. California residents may submit data rights requests via our contact page.

PLATFORM SECURITY

How HiveWatch OS is built and protected

Six layers of platform security — built on AWS, monitored 24/7, and fully auditable.

AWS · MULTI-REGION

Cloud architecture, hardened by design

HiveWatch runs on Amazon Web Services (AWS), deployed across production environments with private VPC networking, dedicated single-tenant database environments per customer deployment, and multi-region capability including US and EU.

SSO · MFA · RBAC

Access controls built on least privilege

HiveWatch supports best-practice access control, including Single Sign-On (SSO) with major identity providers, multi-factor authentication (MFA) with hardware key support, and token-based access. Role-based access control (RBAC) based on the principle of least privilege governs all user permissions.

IN TRANSIT · AT REST

Industry-standard encryption, end to end

All data is encrypted in transit and at rest using industry-standard encryption. Credentials are managed in AWS Secrets Manager and never hardcoded.

WEEKLY CADENCE

Patched, tested, and pen-tested

We maintain a weekly OS patching cadence across all production infrastructure. Independent, third-party penetration testing is conducted on a regular basis, with dedicated pen-test environments separate from production.

24/7 MONITORING

Continuous monitoring with defined escalation

HiveWatch operates continuous monitoring across security system infrastructure, with alerting and escalation paths defined for all production systems. Our incident response process governs detection, containment, and timely customer notification.

FULLY LOGGED

Every action, logged and queryable

Actions taken within the HiveWatch platform — including operator decisions, incident resolutions, system configuration changes, and device logs — are fully logged and queryable. Auditability is a core product capability.

AVAILABILITY & RELIABILITY

Built for 24/7 security operations.

Resilient by design, not just by performance.

HiveWatch runs on AWS with production architecture designed for high availability at every layer. Our database infrastructure uses RDS with High Availability enabled and RDS Proxy for connection management, providing automatic failover with minimal interruption. Video data is stored in Amazon S3, built on AWS native multi-AZ redundancy.

Production systems are monitored continuously via CloudWatch with automated alerting across platform health, ACS connectivity, video pipeline, and infrastructure resources. On-call engineering coverage 24/7 ensures alerts result in human action.

Software updates deploy on a managed release cadence. Maintenance windows are scheduled in coordination with GSOC operations and customers are notified in advance.

DATA PRIVACY

You control your data. We process it.

HiveWatch operates as a data processor on behalf of our customers. You decide what data enters the platform, who can access it, and how long it is retained.

  • What we don’t do. We do not sell customer data. We do not use customer data to train models without explicit consent.
  • Data retention. Customer data is retained per contract terms and deleted upon request.
  • Data residency. HiveWatch supports US and EU data residency options; additional regions can be made available as needed.
  • Sub-processors. A list of HiveWatch authorized sub-processors is available upon request.

REMOTE GSOC SECURITY

When HiveWatch operates your security, the same standards apply.

Customers using HiveWatch’s remote GSOC services get the same compliance commitments that govern our platform — extended to our people.

All HiveWatch GSOC operators undergo background screening prior to engagement. Operators are granted role-based access to your environment limited to what is required to perform their function, and all activity is captured in the HiveWatch audit trail.

FREQUENTLY ASKED QUESTIONS

Quick answers for security buyers.

Do you have a SOC 2 Type II report?

Yes. Available to customers and qualified prospects under NDA. Request one here.

Do you support SSO?

Yes. HiveWatch supports SAML-based SSO with Okta, Entra ID, and other major identity providers.

Do you support MFA, including hardware keys?

Yes. HiveWatch supports MFA including hardware security key authentication.

Are you GDPR compliant?

Yes. We offer Data Processing Agreements and support EU data residency.

Can we conduct a security assessment or penetration test?

We can provide you with a copy of our penetration testing report. Contact us to begin the process.

Do you have FedRAMP authorization?

Not currently. We have SOC 2 Type II and NIST alignment. FedRAMP is on our roadmap for customers in regulated federal environments.

How do you handle a security incident?

We notify affected customers promptly in accordance with our incident response policy and applicable law. Our full incident response process is available upon request.

STILL HAVE QUESTIONS?

For anything our page didn't answer

Our security team is available for reviews, questionnaires, and procurement conversations.