Atmos ProAtmos Pro
Trust Center
Contact security

Atmos Pro

Atmos Pro is a hosted platform for managing Terraform and OpenTofu infrastructure with drift detection, deployment provenance, change governance, and audit logging. This portal contains our security and compliance documentation.

security@cloudposse.comPrivacy Policy

Purchasing Atmos Pro? Visit Procurement for vendor details, agreements, and payment options.

OverviewResourcesControlsSubprocessorsFAQUpdates

Controls

Infrastructure securityOrganizational securityProduct securityInternal security proceduresData and privacy

Internal security procedures

How Cloud Posse detects, responds to, and recovers from incidents, and governs risk.

ControlStatus
Incident response process
A documented incident response process governs triage, containment, and customer communication.
Public security bulletins
Security-relevant incidents are communicated transparently via published security bulletins.
Logging and monitoring
Application telemetry and errors are monitored (Sentry, OpenTelemetry) for anomalies.
Security commitments communicated
Security commitments are communicated to customers in the SaaS Agreement and Terms of Use.
Service description communicated
A description of the product and services is provided to internal and external users.
Vulnerabilities scanned and remediated
Vulnerability scans run on external-facing systems; critical and high findings are tracked to remediation. Formal SLAs are being documented.
Business continuity and disaster recovery established
Managed database backups and platform redundancy support recovery; a formal BC/DR plan is being documented.
Business continuity and DR tested
BC/DR plans will be tested on a defined cadence as part of the SOC 2 program.
Risk assessment performed
A formal annual risk assessment process is being established.
Vendor management program
Critical subprocessors are inventoried with security/privacy requirements and reviewed at least annually.
Vendor agreements include confidentiality
Agreements with vendors and third parties include confidentiality and privacy commitments.
Management oversight of security
Leadership is briefed on the state of cybersecurity and privacy risk and provides direction as needed.
Whistleblower policy established
A whistleblower policy and a channel to report concerns or fraud are being formalized.
Cybersecurity insurance maintained
Cybersecurity insurance coverage is being evaluated and put in place.
SOC 2 system description
A system description for the SOC 2 report is in preparation.