Compliance
Security certifications and compliance practices
StarSling is committed to meeting enterprise security requirements.
Current Status
SOC 2 Type II
Status: In progress
We are actively working toward SOC 2 Type II certification. Expected completion: Q3 2026.
ISO 27001
Status: In progress
We are actively working toward ISO 27001 certification in parallel with SOC 2 Type II. Expected completion: Q3 2026.
Security Practices
Access Control
- All employee access requires MFA
- Production access limited to on-call engineers
- Access logged and audited quarterly
Infrastructure Security
- Cloud infrastructure with security best practices
- Regular security patches applied
- Network segmentation between environments
Incident Response
- 24/7 on-call rotation
- Documented incident response procedures
- Customer notification within 24 hours for security incidents
Vulnerability Management
- Regular dependency updates
- Automated security scanning in CI
- Responsible disclosure program
Penetration Testing
We conduct annual penetration tests with third-party security firms.
Most recent test: Q4 2024
Findings: No critical or high severity findings
Reports available under NDA for Enterprise customers.
Vendor Security
GitHub
We integrate with GitHub's APIs, which maintain:
- SOC 1, 2
- ISO 27001
- FedRAMP
Security Questionnaire
For enterprise security reviews, we provide:
- CAIQ (Consensus Assessment Initiative Questionnaire)
- SIG (Standard Information Gathering)
- Custom questionnaire responses
Contact founders@starsling.dev to request security documentation.
Responsible Disclosure
If you discover a security vulnerability, please report it to:
We commit to:
- Acknowledging receipt within 24 hours
- Providing status updates every 72 hours
- Not pursuing legal action for good-faith research
Enterprise Security Features
Available for Enterprise:
- Single Sign-On (SSO) via SAML
- Audit log export
- Custom data retention policies
- Dedicated support channel
- Security review calls