Access Control & Identity Management
How Seam manages access to systems and data across the organization.
Seam maintains an inventory of system assets and their owners, reviewed at least annually
All personnel are required to authenticate using strong passwords and multi-factor authentication
Access to systems is provisioned on a least-privilege, role-based basis and reviewed periodically
Administrative access to production infrastructure is separately restricted
Data Protection & Encryption
Controls ensuring customer data is protected in transit and at rest.
Service data is encrypted in transit using industry-standard cryptographic protocols
An Encryption and Key Management Policy governs the use of cryptographic controls
Customer data is retained and disposed of in accordance with a Data Retention and Disposal Policy and contractual obligations
Access to customer data — including its erasure or destruction — is restricted to authorized personnel
A Data Classification Policy defines handling requirements for data
Organizational & Human Resources Security
Governance, policies, and people practices that underpin Seam's security program.
Seam has established a formal information security governance structure, with security objectives and risks reviewed at least quarterly
All personnel sign confidentiality agreements and complete mandatory annual security awareness training
Roles and responsibilities for security are documented in policies
An Information Security Policy, Acceptable Use Policy, Code of Conduct, and disciplinary framework apply to all personnel, who review and accept applicable policies at least annually
Network & Infrastructure Security
Controls protecting Seam's network perimeter and systems from threats.
Endpoints are configured with strong password policies and anti-malware protection
Network traffic to the production environment is monitored by dedicated security tooling
Firewalls restrict access to only necessary ports, protocols, and services
Logging and monitoring software detects threats and anomalous activity, with alerting to notify relevant teams
Availability & Business Continuity
Controls ensuring Seam's services are resilient and recoverable.
System uptime is monitored against predetermined criteria, and the system is configured for high availability where applicable
Backups are performed and retained per Seam's Business Continuity and Disaster Recovery (BCDR) Policy, with integrity validated through restoration testing at least annually
The BCDR Plan is tested via tabletop exercises and updated based on results
Incident Response
Procedures for detecting, responding to, and learning from security incidents.
Seam maintains a formal Incident Response Plan governing the identification, prioritization, communication, and resolution of security incidents
Incidents are documented and tracked to closure
Following resolution, a lessons-learned review drives continuous improvement
The plan is periodically tested and updated
Risk & Vendor Management
Processes to identify and manage risk across operations and the vendor ecosystem.
Risk assessments are conducted to identify threats and vulnerabilities across security, availability, confidentiality, and fraud domains, with identified risks recorded in a risk register alongside mitigation strategies
Vendor risk is managed through a dedicated Vendor Risk Management Policy
Vulnerability Management
Processes to identify, assess, and remediate security vulnerabilities.
A Vulnerability and Patch Management Policy governs the identification and remediation of vulnerabilities
An independent third party conducts penetration testing of the production environment at least annually
Critical and high-risk findings are tracked through resolution