# Security Standards

As a provider of cloud services, Pump adheres to several cybersecurity frameworks to ensure our customers can operate their digital workloads in a safe and secure environment.

In addition to rigorous adherence to [AWS best security practices](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege), Pump maintains compliance with several other security frameworks, including:

* SOC 2
* ISO 27001
* GDPR
* AWS Well-Architected Framework

#### **Billing level-only permissions** <a href="#undefined" id="undefined"></a>

We also limit permissions so that Pump can only access your billing data and infrastructure metadata. Pump does not take permissions to view any application data or user data in your workloads.

For information, please see our [Role Deployment and Permissions Page](https://support.pump.co/articles/4053642719-role-deployment).

#### **App authentication and authorization** <a href="#undefined" id="undefined"></a>

Pump uses Auth0 as the authentication provider for users to verify email and log into the platform. Auth0 is compliant with most established security frameworks, and certifications can be viewed on their website [here](https://auth0.com/docs/secure/data-privacy-and-compliance).

#### **Security auditing** <a href="#undefined" id="undefined"></a>

Pump engages third-party companies to conduct regular penetration testing to identify any potential security risks.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.pump.co/support/security-standards.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.