WheelHouse IT | Trust Center
Trust Center
WheelHouse IT is committed to ensuring the confidentiality, integrity, and availability of our customers data. Here is how we protect information and comply with industry standards and regulatons.
See resources

Resources

Subprocessors

Auvik

Config Management / Network Mapping

ConnectSecure

Vulnerability Scanning

CrowdStrike

EDR / MDR

CrowdStrike

EDR/MDR

Liongard

Config Management

Microsoft Azure

Ticketing / Remote Support

Monitoring

Continuously monitored by Secureframe
View all

Compliance

Monitoring

Organizational Management

Internal Control Monitoring
A continuous monitoring solution monitors internal controls used in the achievement of service commitments and system requirements.
Information Security Program Review
Management is responsible for the design, implementation, and management of the organization’s security policies and procedures. The policies and procedures are reviewed by management at least annually.
Organizational Chart
Management maintains a formal organizational chart to clearly identify positions of authority and the lines of communication, and publishes the organizational chart to internal personnel.

Vulnerability Management

Third-Party Penetration Test
A 3rd party is engaged to conduct a network and application penetration test of the production environment at least annually. Critical and high-risk findings are tracked through resolution.

Risk Assessment

Risk Register
A risk register is maintained, which records the risk mitigation strategies for identified risks, and the development or modification of controls consistent with the risk mitigation strategy.
Vendor Due Diligence Review
Vendor SOC 2 reports (or equivalent) are collected and reviewed on at least an annual basis.

Access Security

Unique Access IDs
Personnel are assigned unique IDs to access sensitive systems, networks, and information

Communications

Privacy Policy
A Privacy Policy to both external users and internal personnel. This policy details the company's privacy commitments.
Confidential Reporting Channel
A confidential reporting channel is made available to internal personnel and external parties to report security and other identified concerns.
Communication of Security Commitments
Security commitments and expectations are communicated to both internal personnel and external users via the company's website.