Trust, Security & Compliance at PartsSource


PartsSource is committed to earning and maintaining customer trust through transparent security practices, strong technical controls, and alignment with recognized compliance standards.

Our security approach

PartsSource uses a layered security approach that combines governance, secure engineering, operational monitoring, and independent assurance to protect customer data.

  • Documented information security policies and standards
  • Least-privilege access controls and role-based access
  • Secure software development lifecycle practices
  • Ongoing vulnerability management and remediation
  • Logging, monitoring, and incident response processes
  • Personnel security controls, including pre-employment background checks and role-appropriate screenings for staff with access to sensitive systems.

Secure hosting (Amazon Web Services)

PartsSource hosts its production platform on Amazon Web Services (AWS), an industry-leading cloud provider trusted by enterprises worldwide. AWS delivers a secure and resilient infrastructure foundation. PartsSource is responsible for securing applications, configurations, and customer data under the AWS shared responsibility model. PartsSource operates its production workloads exclusively within AWS regions in the United States, with primary deployments in AWS US-East (us-east-1).

Infrastructure security

  • Logical isolation using AWS account, network, and identity boundaries
  • Deployment in AWS regions with strong physical and environmental controls
  • Redundant data centers designed for high availability and fault tolerance

AWS certifications & compliance

  • SOC 1, SOC 2, and SOC 3 reports
  • ISO/IEC 27001, 27017, and 27018 certifications
  • PCI DSS compliance for applicable services
  • HIPAA-eligible services
  • Alignment with NIST and CSA frameworks

These certifications apply to AWS infrastructure and support PartsSource’s overall security posture.

Encryption & key management

  • Encryption in transit using TLS 1.2 or higher
  • Encryption at rest using AWS-managed encryption
  • Restricted and monitored access to encryption keys

Network security

  • AWS Virtual Private Cloud (VPC) network segmentation
  • Security groups and network ACLs enforcing least privilege
  • Layered protections against common web-based attacks

Monitoring & logging

  • Centralized logging for infrastructure and application activity
  • Continuous monitoring and alerting
  • Integrated incident response workflows

Availability & resilience

  • Fault-tolerant architectures
  • Documented backup and recovery procedures
  • Periodic testing of restoration processes

PartsSource maintains a documented Business Continuity and Disaster Recovery (BCDR) program, including recovery objectives, runbooks, and periodic exercises to validate recovery plans.

Compliance & certifications

  • SOC 2 Type 1 completed (2025)
  • SOC 2 Type 2 on schedule for completion (2026)
  • ISO/IEC 27001 on schedule (2027)
  • PartsSource performs regular security scanning, testing, and independent assessments of its environment on a recurring basis, including activities that occur as frequently as monthly, to validate the effectiveness of security controls and identify areas for continuous improvement.

Integration security

PartsSource supports secure integrations including ERP punch-outs, healthcare CMMS systems, and ticketing platforms such as ServiceNow.

  • Least-privilege integration accounts
  • Secure credential handling and rotation practices
  • Validation, logging, and monitoring of integration activity

Customer security guidance

  • Use strong, unique passwords and enable MFA where available
  • Limit administrative access and review users regularly
  • Protect integration credentials and rotate them periodically
  • Be vigilant against phishing and social engineering

Incident response

  • Defined incident response roles and procedures
  • Detection, containment, eradication, and recovery processes
  • Customer notification aligned to contractual requirements, with expected notification timeframes (e.g., notifications for confirmed data breaches will be provided within 72 hours of confirmation, in accordance with contractual and legal obligations).
  • Post-incident root cause analysis and remediation tracking are performed; PartsSource engages third-party forensic and incident response partners as appropriate to support investigations and validation of findings.

Contact

For security questions or to report a concern, contact: security@partssource.com