More RFPs in less time.
We’ll show you.
With Catapult you can manage all of the RFx projects you have with ease, giving you more room to grow.
Service Organization Controls (SOC 2) (Type II) Trust Services Principles
EU-US Privacy Shield
Cloud Security Alliance
Single Sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials.
We enable permission levels within the app to be set for your teammates. Permissions can be set to include app settings, user data or the ability to create, respond and review projects.
Catapult enforces a password complexity standard, and credentials are stored using a password-based key derivation function (bcrypt).
We have uptime of 99.9% or higher. You can check our past month stats at https://status.catapulthq.com.
There are simple steps you can take to increase the security of your account. Check out the Staying Secure section on our articles site.
Catapult services and data are hosted in Google Cloud Platform (GCP) facilities (us-east-1) in the USA.
Catapult was built with disaster recovery in mind. All of our infrastructure and data are spread across 4 GCP availability zones and will continue to work should any one of those data centers fail.
All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from reaching our internal network.
On an application level, we produce audit logs for all activity, ship logs to Graylog for analysis and use GCS for archival purposes. All actions taken on production consoles or in the Catapult application are logged.
Access to customer data is limited to authorized employees who require it for their job. Catapult is served 100% over HTTPS. Catapult runs a zero-trust corporate network: being on Catapult’s network grants no corporate resources or additional privileges. We have Single Sign-on (SSO), 2-factor authentication (2FA) and strong password policies on Bitbucket, Google, and Catapult to ensure access to cloud services is protected.
All data sent to or from Catapult is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS/SSL only and score an “A+” rating on Qualys SSL Labs’ tests. This means we only use strong cipher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled. We also encrypt data at rest using the industry-standard AES-256 encryption algorithm.
Catapult uses third-party security tools to continuously scan for vulnerabilities. Our dedicated security team responds to issues raised. Twice yearly we engage third-party security experts to perform detailed penetration tests on the Catapult application and infrastructure.
Catapult implements a protocol for handling security events which includes escalation procedures, rapid mitigation and post-mortem. All employees are informed of our policies.
All employees complete Security and Awareness training annually.
Catapult has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
Catapult performs background checks on all new employees in accordance with local laws. The background check includes employment verification and criminal checks for US employees.
All employee contracts include a confidentiality agreement.
All payments made to Catapult go through our partner, QuickBooks.
If you think you may have found a security vulnerability, please get in touch with our security team at firstname.lastname@example.org.