Trust Center
Kirkland, WA
Jan 21, 2025

General Info

Concentric
Concentric Advisors™ is a risk management firm that provides security services and intelligence solutions to keep people safe worldwide. As the largest and most influential independent security firm on the west coast of the United States for over a decade, Concentric has been trusted by some of the world's most prominent individuals and corporations to keep their principals, employees, and assets protected.
Digital Eclipse
Eclipse by Concentric® is designed to be a turnkey solution for individuals, families, and teams to mitigate digital risks. Leveled subscription tiers, complemented by a menu of à la carte services, provide holistic defense-in-depth cybersecurity and digital privacy across consumer identities, devices, accounts, and network connections.
Digital Eclipse URL
https://digitaleclipse.io/

Compliance

ISO 27001 Information Security Management System (ISMS)
ISO 27701 Privacy Information Management System (PIMS)
GDPR
CCPA
Why does Concentric certify to ISO standards and not SOC 2?
SOC 2 is a US-based framework, whereas Concentric operates worldwide. By contrast, ISO 27001 and 27701 are internationally recognized certifications which demonstrate a comprehensive information security and privacy management system better aligned with important data protection regulations like CCPA and GDPR. While SOC 2 is a valuable framework in certain contexts, ISO standards better meet the needs of Concentric’s diverse, global clientele.

Legal

Concentric - Privacy Policy
https://www.concentric.io/privacy-policy
Digital Eclipse - Privacy Policy
https://digitaleclipse.io/privacy-policy/
Digital Eclipse - Terms of Use
https://digitaleclipse.io/terms-of-use/

Security & Privacy FAQs

Does Concentric ever sell customer data?
No. Concentric has never nor will ever sell its customer data.
Can I request my data be deleted?
Yes. Requests for deletion can be made via email to Concentric’s Data Protection Officer at dpo@concentric.io
How can I report a security concern?
Please direct security issues or concerns to Concentric’s Data Protection Officer at dpo@concentric.io. We respectfully request that you refrain from public disclosure until we have been notified and have had the opportunity to investigate.
Does Concentric perform vulnerability assessments or penetration tests?
Yes. Concentric conducts regular vulnerability assessments and penetration tests as part of its internal security program. For security purposes we do not share the results of these tests with third parties.
Does Concentric require security awareness training for its employees?
Yes. Concentric requires baseline security awareness training for all new employees, as well as regular ongoing training for the duration of employment.
Does Concentric perform background checks on its employees?
Yes. All Concentric employees are required to pass a thorough background check.
Does Concentric maintain an insider threat program?
Yes. Concentric has developed a bespoke insider threat program that encompasses risk assessments, controls, and continuous monitoring to protect against internal threats.
How does Concentric secure its networks?
Concentric’s networks are safeguarded by state-of-the-art firewalls, intrusion detection/prevention systems, and an enterprise Security Incident and Event Management (SIEM) solution.
How does Concentric secure its systems?
All company devices are secured with full-disk encryption and are centrally managed through Mobile Device Management software. Systems undergo regular maintenance to include configuration audits and vulnerability assessments.
How does Concentric secure its data?
Sensitive data is encrypted at rest and in transit. Access to all data and systems is based on Principle of Least Privilege to ensure information is accessed only by authorized individuals and protected according to its data classification level.
How does Concentric manage its third-party risk?
Concentric has a Third Party Supplier Security Policy which outlines the means by which we evaluate the security and privacy practices of our suppliers, sub-contractors, and the surrounding supply chain. All new third parties are required to complete this evaluation, and all existing suppliers are revalidated at a cadence commensurate with their level of risk. This process has been independently audited and certified to comply with the ISO 27001 and ISO 27701 standards as part of Concentric’s Information Security and Privacy Management System.