Trust Center

Start your security review
View & download sensitive information
Ask for information
ControlK

Overview

Trust Center Overview – COWRKS
This Trust Center provides resources that demonstrate COWRKS’ ongoing commitment to protecting customer data and maintaining the highest standards of security, privacy, and reliability. Here, you will find comprehensive information about our trust practices, including key areas such as security controls, data protection, and core infrastructure.
Security is foundational to our product strategy. Our platform is designed and built following industry best practices for highly available, scalable, and secure cloud applications. We implement a defense-in-depth approach, incorporating strong access controls, encryption, continuous monitoring, and regular security assessments to safeguard our systems and data.
Our infrastructure is continuously monitored, audited, and updated to ensure compliance with applicable industry standards and regulatory requirements. We proactively identify and mitigate risks through vulnerability assessments, penetration testing, and ongoing security improvements.
COWRKS’ security and privacy programs are led by experienced professionals with deep expertise in data protection, cloud security, and regulatory compliance. Our team is dedicated to maintaining customer trust by ensuring transparency, accountability, and adherence to global security and privacy standards.

Mohamed Faisal : VP of Technology

Neha Halgali : Data Protection Officer (DPO)

icon

Regulatory Compliance and Standards

ISO/IEC 27001:2022 Logo
ISO/IEC 27001:2022
DPDPA Logo
DPDPA
GDPR Logo
GDPR
SOC 2 Type 2 Logo
SOC 2 Type 2
CASA Tier 3 Logo
CASA Tier 3
VPAT Logo
VPAT
Trust Center Updates

SendGrid

Copy link
Subprocessors

Email Delivery Service – SendGrid (CoWrks)

CoWrks utilizes SendGrid as a third-party email delivery service to manage and send transactional and system-generated emails. These communications may include account notifications, system alerts, verification emails, and other operational messages.

SendGrid is integrated securely with CoWrks applications using authenticated APIs. Data shared with SendGrid is limited to only what is necessary for email delivery, such as recipient email addresses and relevant message content.

SendGrid implements industry-standard security measures, including encryption in transit (TLS), access controls, and compliance with recognized security frameworks such as SOC 2 and ISO/IEC 27001.

CoWrks ensures that no sensitive or confidential information is unnecessarily transmitted via email. Access to SendGrid is restricted to authorized personnel, and usage is monitored to prevent unauthorized activity.

The use of SendGrid aligns with CoWrks' data protection and security policies, ensuring reliable, scalable, and secure email communication.

Risk Profile

Data Access LevelRestricted
Impact LevelSubstantial
Recovery Time Objective12 hours
View more

Product Security

Audit Logging
Data Security
Multi-Factor Authentication
View more

Reports

Data Flow Diagram (DFD)
HIPAA Report
Network Diagram
View more

Self-Assessments

We are working on our security compliance. We can provide completed questionnaires upon request.

Data Security

Access Monitoring
Data Backups
Encryption-at-rest
View more

App Security

Responsible Disclosure
Application Penetration Testing
Bot Detection
View more

ESG

Anti-Bribery and Corruption
Anti-Competitive Practices
Code of Ethics

Legal

Send Grid
SubprocessorsAmazon Web Services (AWS)-company-logoCleverTap-company-logoSendGrid-company-logoAtlassian Bitbucket-company-logoAtlassian Confluence-company-logo
Customer Audit Rights

Data Privacy

Cookies
Data Privacy Officer
Data Protection Impact Assessment (DPIA)
View more

Access Control

Access Log Management
Logging
Password Security

Infrastructure

Status Monitoring
Amazon Web Services
BC/DR
View more

Endpoint Security

Anti-Malware
Disk Encryption
Endpoint Detection & Response
View more

Network Security

Bot Detection
Data Loss Prevention
Distributed Denial of Service Protection (Anti-DDoS)
View more

Corporate Security

Asset Management Practices
Email Protection
Employee Handbook
View more

Policies

Acceptable Use Policy
Access Control Policy
Anti-Malicious Software Policy

Incident Response

Designated Response Personnel
Forensic Retainer
Incident Reporting Process
View more

Risk Management

Data Access/Impact Levels
Risk Assessments
Supply Chain Risk Management

Asset Management

Asset Classification
Asset Inventories (Hardware/Software)
Asset Tracking

BC/DR

Business Continuity Plan (BCP)
Alternate Processing/Storage Site
Data Backup/Backup Protection

Training

Employee Privacy Training
Phishing Training
Security Awareness Training

Change Management

Change Advisory Board (CAB)
Change Control Board (CCB)
Changes Notification & Verification

Physical & Environment

Access Monitoring
Alarms & Surveillance
Alternate Work Sites
View more

Continuous Monitoring

Automated Alert Response
Automated Compliance Monitoring
Data Loss Prevention System (DLP)
View more

Subprocessors

Built onSafeBase by Drata Logo