Safety & Compliance
Updated 31/03/25.
Security and compliance are top priorities for Cockpit, as they are fundamental to your experience with the product. Cockpit uses a variety of technologies and services in accordance with current standards to protect your data from unauthorized access, disclosure, use and loss. Security is managed by Cockpit's Chief Technology Officer.
Infrastructure and network security
Physical access control
Cockpit is hosted on Google Cloud Platform (GCP). In line with GCP's commitments, physical barriers are used to prevent unauthorized entry to facilities, both on the perimeter and at building access points. GCP also operates electronic intrusion detection systems designed to detect unauthorized access to the facilities, including monitoring points of vulnerability (e.g. main entrance doors, emergency exit doors, roof hatches, dock doors, etc.) with door contacts, glass breakage devices, interior motion detectors or other devices designed to detect people attempting to access the facilities. All physical access to facilities by employees and subcontractors is recorded and regularly audited.
Cockpit employees have no physical access to data centers, servers, network equipment or GCP storage.
Penetration testing
Cockpit is subjected to annual pen tests by an independent third-party agency. Customer data is exposed to the agency through pen tests.
Information on all security vulnerabilities successfully exploited through penetration testing is used to define priorities for mitigation and remediation. A summary of penetration test results is made available to customers on request.
Data security and confidentiality
Data encryption
Data on Cockpit servers is encrypted at rest.
Encryption at rest enables continuity measures such as backup and infrastructure management to be taken without compromising data security and confidentiality.
Cockpit sends data exclusively over HTTPS connections encrypted with Transport Layer Security (TLS), for added security when data transits to and from the application. Data traffic between our servers and the database/data storage takes place within our VPC in GCP.
Data deletion
When a customer terminates their contract with Cockpit, all data stored on the account becomes inaccessible to the customer within 24 hours. All data collected by Cockpit will be deleted after 30 . Data can also be deleted upon request to the Account Manager in charge of the account or by contacting the DPO at dpo@getcockpit.io.
Application security
Single sign-on (SSO)
Users can register on Cockpit through SSO with a Google or Microsoft account. In this case, they will not be able to have a dedicated password on Cockpit. If multi-factor authentication is enabled by your identity provider (Microsoft or Google), it is also applied when logging into Cockpit.
Password security
Cockpit applies a complex password policy requiring at least 8 characters, a special character, upper and lower case letters, and a number.
Company security
Safety policies
Cockpit has a set of internal security policies. These policies are updated and reviewed at least once a year. An overview of these policies is available on request.
Employee training
All new employees receive induction, GDPR and security training. In addition, all employees undergo GDPR training at least once a year.
Data confidentiality
To ensure that the personal data you send to Cockpit receives the protection required by applicable data protection laws, Cockpit offers a subcontracting agreement (DPA) that incorporates its data confidentiality commitments.