Atmos ProAtmos Pro
Trust Center
Contact security

Atmos Pro

Atmos Pro is a hosted platform for managing Terraform and OpenTofu infrastructure with drift detection, deployment provenance, change governance, and audit logging. This portal contains our security and compliance documentation.

security@cloudposse.comPrivacy Policy

Purchasing Atmos Pro? Visit Procurement for vendor details, agreements, and payment options.

OverviewResourcesControlsSubprocessorsFAQUpdates

Controls

Infrastructure securityOrganizational securityProduct securityInternal security proceduresData and privacy

Organizational security

How the Cloud Posse team is vetted, trained, and granted access internally.

ControlStatus
Multi-factor authentication enforced
MFA is required for access to source control, cloud, and production systems.
Least-privilege internal access
Employee access to production data is limited to those with a business need.
Onboarding and offboarding procedures
Access is provisioned on onboarding and revoked on offboarding using a documented checklist.
Periodic access reviews
Access to production systems is reviewed periodically; a formal recurring cadence is being established.
Background checks
Background checks are performed where permitted by law prior to employment.
Security awareness training
Team members receive security awareness training; a formal recurring program is being established.
Security policies established
Information security, acceptable use, and related policies are documented and reviewed at least annually.
Code of conduct established
A code of conduct sets expectations for employee behavior and ethics.
Asset inventory and disposal
Company assets are inventoried and securely disposed of at end of life.
Endpoint protection
Company endpoints run anti-malware / endpoint protection.