Trust

Ambition's success is directly and irrevocably correlated to our customers' trust in us as a corporation, software platform, and team of professionals. Earning and maintaining your trust is a process that we are committed to, starting here.

SOC 2 Type II Compliance

Ambition achieved SOC 2 Type II accreditation in 2019, the first company within our category to earn this milestone and demonstrate an enterprise-grade commitment to security. An independent auditor evaluates and certifies on an annual basis that Ambition's product, infrastructure, and policies comply with stringent standards.

What this means for you... getting through infosec should be fast and efficient.

Fortune 500 Trusted

Ambition has been deployed within the world's largest companies (and Salesforce deployments) for the better part of a decade. Enterprise-readiness isn't a new initiative for us; it's a proven motion across customers like Verizon, Cisco, FedEx, and ADP. You can trust the Ambition platform to be flexible, reliable, and robust.

What this means for you... we don't just check boxes, we deliver at-scale.

EU-US Privacy Shield

Ambition serves companies around the world and has adopted the EU-US Privacy Shield Framework to demonstrate its commitment to data integrity, protection, and rights in addition to GDPR.

What this means for you... we treat your data with the highest regard and security.

Trust Pillar

GDPR

Ambition employs data protection and privacy by design, combining enterprise-grade security features with comprehensive audits of our policies, applications, systems, and networks. Ambition is SOC 2 Type II certified.

Our Privacy Policy is up-to-date and reflects GDPR readiness. DPA and Subprocessors available upon request.

Data Center and Network Security

Ambition hosts all its software within Amazon Web Services (AWS) facilities in the USA. Amazon provides an extensive list of compliance and regulatory assurances, including SOC 1-3 and ISO 27001. See Amazon’s compliance and security documents for more detailed information.

All servers are located within Ambition’s own virtual private cloud (VPC), protected by restricted security groups allowing only the minimal required communication to and between the servers.

Application Security

Web application architecture and implementation follow OWASP guidelines and are built in Python with the Django framework, a mature and secure ecosystem.

Single sign-on (SSO) allows you to authenticate users without requiring them to enter login credentials for your Ambition instance. Ambition supports SSO using SAML (Okta, OneLogin, etc.), G-Suite, and Salesforce.

Data Security

All connections to Ambition are encrypted using SSL, and any attempt to connect over HTTP is redirected to HTTPS. We maintain an A Grade for Qualys/SSL Labs.

All customer data is encrypted at rest and in-transit.

We use the industry-standard PostgreSQL data storage system hosted on AWS.

Data access and authorizations are provided on a need-to-know basis, based on the principle of least privilege. Access to the AWS production system is restricted to authorized personnel and is carried out using VPN.

Security Policies & SDLC

Ambition's security policies are maintained, communicated, and approved by management to ensure everyone clearly knows their security responsibilities. Ambition policies are audited annually as part of its SOC 2 certification.

Code development is done through a documented SDLC process. Design of all new product functionality is reviewed by an architect. Ambition conducts mandatory code reviews for code changes and periodic in-depth security reviews of architecture and sensitive code. Ambition development and testing environments are separate from its production environment.

The employee hiring process includes background screening.

Vulnerability Disclosure Process – Ambition considers privacy and security to be core functions of our platform. Earning and keeping the trust of our customers is our top priority, so we hold ourselves to the highest privacy and security standards. If you have discovered a security or privacy issue that you believe we should know about, we would love to hear from you. Please reach out to us at security@ambition.com and let us know.

Application Monitoring & Uptime

All access to Ambition applications is logged and audited. Logs are kept for at least one year.

Ambition maintains a formal incident response plan for major events.

Ambition maintains a transparent view into system response time and uptime. Please see the graph below for up-to-date status of the platform.

Ambition Response Time / Uptime