Teem Trust Center

Overview

Teem is committed to protecting the confidentiality, integrity, and availability of customer data. While Teem has not yet undergone third‑party SOC 2 or ISO 27001 certification audits, we operate in alignment with these frameworks through formally documented policies, secure development practices, continuous monitoring, and incident response procedures.

Information Security Program

Our Information Security Policy defines Teem’s overarching governance structure, responsibilities, and security requirements, ensuring enterprise‑grade protection of information assets. This includes risk management, asset classification, IT asset management, personnel security, incident management, and secure system operations.

Secure Software Development Lifecycle (SDLC)

Teem implements a fully documented SDLC process covering planning, design, secure coding, testing, deployment, and maintenance. Our pipeline includes GitHub‑based version control, static code analysis, vulnerability scanning, code review, separation of environments, automated deployments, and security approvals.

Vulnerability & Threat Management

Continuous scanning is performed across cloud infrastructure, application dependencies, containers, and configurations. We prioritize vulnerabilities using CVSS scoring and remediate them within strict SLAs (Critical: 1 day, High: 7 days, Medium: 30 days). Annual third‑party penetration testing is part of our program.

Access Control & Authentication

Teem enforces role‑based access control, least privilege, MFA, session locking, password standards, account review processes, and automated account termination. Authentication follows NIST SP 800‑63 guidelines and uses approved token types aligned with AAL1–AAL3 requirements.

Encryption Standards

All data in transit is encrypted using TLS 1.2+ and strong cipher suites. Data at rest is encrypted using FIPS‑validated algorithms (e.g., AES‑128/256). Key management follows strict separation and protection requirements, and full‑disk encryption is required on all laptops accessing Teem systems.

Security Logging & Monitoring

Teem maintains centralized logging across applications, cloud services, authentication events, and network activity. Logs are retained for a minimum of 92 days and protected as high‑confidentiality data. Real‑time alerts detect anomalous activity.

Incident Response

Teem maintains a formal Incident Response Plan based on NIST SP 800‑61. It includes preparation, detection, analysis, containment, eradication, recovery, communications, and post‑incident review. Severity levels drive response time (e.g., High = immediate response).

Business Continuity & Disaster Recovery

Our Business Continuity Plan ensures essential business functions continue during disruptions. It includes Business Impact Analysis, RTO/RPO definitions, communication procedures, recovery steps, annual testing, and training.

HR & Background Checks

All employees and contractors undergo background checks, identity verification, employment checks, and role‑based screening. Re‑screening occurs every three years or upon role changes. Access to sensitive systems is only provisioned after clearance.

Security Awareness & Training

All personnel complete security awareness training within 30 days of hire and annually thereafter. Engineers receive secure coding training, and periodic phishing simulations reinforce learning.

Cloud Infrastructure Security

Teem uses AWS and Vercel for secure, scalable infrastructure. Managed services provide encrypted storage, hardened compute, and secure networking. Deployment assets are isolated, access‑controlled, and continuously monitored.

Compliance Alignment

While Teem is not yet SOC 2 Type II or ISO 27001 certified, our internal policies map to and satisfy their requirements. This includes SOC 2 (Security, Availability, Processing Integrity), ISO 27001 Annex A controls, and NIST Cybersecurity Framework functions. Our SOC 2 Type II audit is scheduled for 2026.

Responsible Disclosure

Security researchers may report vulnerabilities to security@teem.finance. Teem maintains a Vulnerability Disclosure Program and handles reports promptly.

Contact

For security inquiries: security@teem.finance