Platform Security

Socotra ensures that your data is encrypted, safe, and always available.

A world-class information security program

Socotra’s information management system follows best practices and meets international standards. Socotra maintains ISO 27001 certification and has SOC1 Type 1 certification, both of which are high standards for information security management systems. We are also GDPR compliant, demonstrating a commitment to protecting our platform, your customer data, and your business.


  • Enterprise encryption

    Customer data in Socotra is fully encrypted at rest and in transit over the network. Socotra uses the latest security protocols, including 256-bit encryption, strong private keys generated for each customer, automated secrets management, and network monitoring for unusual system behavior.

  • Penetration testing

    Our Information Security Team completes regular penetration testing to identify platform vulnerabilities and security weaknesses. The findings are reviewed, prioritized, and remediated. Regular penetration testing ensures that our platform is secure even as we add new features for our customers.

  • Privacy

    Each production customer has an environment with its own configuration and data that’s completely independent. Ownership is clearly defined in Socotra’s terms and conditions. In addition, Socotra complies with EU regulations and provides customers with a data processing agreement that outlines the technical and operating procedures when working with customer data.

  • Auditing

    Every configuration change and operation involving customer data is tracked and recorded in Socotra’s audit log. This audit log is exposed via the Event Stream Feature. The Socotra Event Stream includes the date, user, operation and relevant object ID. In addition to direct auditing applications, this event stream data can be used to orchestrate other operations, generate reports, or identify business operation weaknesses.

  • Ease of access

    Socotra’s open APIs make it easy to access data and are fully documented at docs.socotra.com. These APIs provide access to core Socotra objects including policyholders, policies, invoices, payments, and event streams. Using these APIs, Socotra makes it simple to migrate data into Socotra, generate reports, and integrate with third-party/ancillary systems such as CRM, general ledgers, payment gateways, or consumer-facing applications.

  • Dynamic data management

    Socotra recognizes that today’s world is changing faster than before. Insurance is no different: as new information becomes available, an organization may want to update pricing, release new products, or allow new mid-term adjustments to cater to customer needs and react appropriately to risk changes. Socotra’s dynamic data model and automated version architecture allow organizations to make changes and let Socotra worry about housekeeping and data management.
