# Security

***

### Security Levels & Best Practices

**Platform and Architecture Security**

* **Dedicated Environments:** Our AWS-based infrastructure is strictly segregated into separate environments for development, testing, and production. This ensures changes and experiments in non-production environments can never impact production or customer data.
* **Least Privilege Permissions:** All IAM roles and policies are locked down using the minimum privileges required. No permission is ever granted unless it is strictly necessary for North to operate our service.
* **Internal Security Audits:** Every significant new feature or architectural update undergoes internal security review to identify and address risks at design and implementation time.
* **External Security Testing:** North contracts third-party SecOps professionals for regular penetration testing, including both black-box and gray-hat audits, to probe and validate the security of our production system.
* **Comprehensive Logging & Auditing:** Every environment is continuously logged and monitored. Audit logs for all customer environments are maintained and can be made available for review by customers on request.
* **SOC 2 Type I Compliance:** As of May 2024, North has completed its SOC 2 Type I audit. Full details of our compliance, including audit reports, are available to customers with a signed NDA—just reach out to our security team to request them.

***

### Customer Data Segregation & Controls

**Strict Account Isolation & Data Segregation**

* **One Billing Account per North Account:** North enforces a policy of one cloud provider billing account ID per North.Cloud account. This strict separation makes cross-customer data access or account impersonation impossible within our platform.
* **Root User Controls:** Within each customer organization, we allow only one root North user per company domain. This increases control and minimizes the surface area for insider risk or account misuse.
* **No Data Leakage:** There is no mechanism for data to be transferred or accessed between North.Cloud accounts. Customer workloads, savings plans, and reporting are all strictly isolated.
* **Request Security Info:** Need more information? We provide detailed documentation and audit trails on a per-request basis for customers (subject to appropriate NDAs).
