Split follows extensive practices to track and protect your data as it moves through Split’s services.
Split's SOC 2 Type 2 report for the 12 month monitoring period ending in January 2024 is now available to request and download from our Trust Center.
Split's SOC 2 Type 2 report for the 12 month monitoring period ending in January 2023 is now available to request and download from our Security Portal.
On November 1, 2022, the OpenSSL Project published two high-severity vulnerabilities (CVE-2022-3602 and CVE-2022-3786). Any version between 3.0.0 and 3.0.6 of OpenSSL is affected. The initial guidance, as published, is users should expedite the upgrade to version 3.0.7 to reduce the impact of this threat.
At this time, we’ve found that our public-facing endpoints are not affected by these vulnerabilities. We also continue to monitor the U.S. government Cybersecurity & Infrastructure Security Agency (CISA) guidance on these vulnerabilities.
We’re pleased to announce that Split has earned the ISO 27001 certification.
ISO 27001 certification is an important milestone that further demonstrates Split’s dedication to best-in-class security and compliance while operating at a global scale.
ISO 27001 was developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) to standardize the process for establishing, implementing, operating, monitoring, reviewing, and maintaining an information security management system (ISMS).
Split’s platform provides an always-on and highly secure feature flagging and feature experimentation service. From the beginning we have designed our infrastructure and practices with security as a top priority. The ISO 27001 certification validates our commitment to this principle.
To request a copy of Split’s ISO 27001 certificate, visit the Split Security Portal.
If you think you may have discovered a vulnerability, please send us a note.