Monitoring

Continuously monitored controls

The full list of the security and compliance controls Seam maintains and continuously monitors. Each category below lists the policies and controls we have in place.

Change Management

Policies and processes that govern how changes are made to Seam's systems, ensuring stability and security.

Configuration and Asset Management Policy
Production data is not used in development and testing environments, unless required to debug customer issues
Baseline configurations are maintained for infrastructure
Secure Development Policy
Change Management Policy
All software changes are tested before deployment
Segregation of development, staging, and production environments
System changes require approval from at least one independent reviewer

Availability

Controls ensuring Seam's services are available and resilient to disruption.

High availability configuration for critical systems
Business Continuity and Disaster Recovery Policy
Business continuity plan is periodically tested via tabletop exercises
Automated backup processes for critical data
Uptime and availability monitoring
Backup restoration is tested annually in a non-production environment

Organizational Management

Governance, policies, and people practices that underpin Seam's security program.

Pre-employment background checks
Code of Conduct
Cybersecurity insurance coverage
Annual security awareness training for all personnel
Formal disciplinary action procedures
Annual performance reviews
Information Security Policy
Internal control policy with ongoing monitoring
New hire screening and confidentiality agreements
Independent advisor board structure
Documented roles and responsibilities
Annual policy acknowledgement by all personnel
Acceptable Use Policy
Annual senior management and security team reviews

Confidentiality

Policies and controls protecting the confidentiality of customer data.

Customer data retention procedures
Data Retention and Disposal Policy
Data disposal procedures on customer request
Data Classification Policy
Access, erasure, and destruction of customer data are restricted to personnel who need access based on the principle of least privilege

Vulnerability Management

Processes to identify, assess, and remediate security vulnerabilities.

Vulnerability and Patch Management Policy
Annual third-party penetration testing with tracking of critical and high findings

Incident Response

Procedures for detecting, responding to, and learning from security incidents.

Incident Response Plan
Post-resolution lessons learned documentation
Ongoing incident tracking and analysis
Incident response plan is tested via tabletop exercises

Risk Assessment

Processes to identify and evaluate risk across vendors, systems, and operations.

Vendor risk assessment with annual reassessment
Risk register maintenance
Formal risk assessments
Vendor due diligence review (SOC 2 or equivalent, annually)
Risk Assessment and Treatment Policy
Vendor Risk Management Policy

Network Security

Controls protecting Seam's network perimeter and internal systems from threats.

Network Security Policy
Restricted port configurations and firewalls
Endpoint security including strong password policy, anti-virus, and hard drive encryption
Network traffic monitoring
Automated alerting for security events
Logging and monitoring for threats

Access Security

Controls governing who has access to what, and how that access is managed and reviewed.

Unique access IDs for all personnel
Encryption and Key Management Policy
Annual review of asset inventory
Access is removed upon personnel termination
Encryption at rest for service data
Least privilege access provisioning
Administrative access is restricted
Scheduled user access reviews
Access Control and Termination Policy
Complex passwords with multi-factor authentication
Encryption in transit for data sent over the internet

Physical Security

Policies governing physical access to Seam's facilities.

Physical Security Policy for all facilities

Communications

How Seam communicates security, privacy, and service commitments to its stakeholders.

Critical information is communicated to external parties
Privacy Policy published for users and personnel
Security commitments are communicated
Terms of Service published for external users
Service descriptions are publicly available
Confidential reporting channel for internal and external parties
© 2025 Seam Labs, Inc.