EntryDesk is ISO/IEC 27001 certified. Our enterprise cloud infrastructure additionally holds ISO 27001/27017/27018, SOC 1/2/3, and PCI DSS. All data in transit is encrypted with TLS 1.2 or higher using FIPS 140-2 validated modules. Data at rest is encrypted server-side with AES-256. Customer keys are managed through a Key Management System (KMS) using envelope encryption: a Key Encryption Key (KEK) protects the Data Encryption Key (DEK) that encrypts customer data. Access follows the principle of least privilege. Each enterprise customer runs in a dedicated tenant; agent code executes in isolated microVM sandboxes for hypervisor-level isolation. Comprehensive audit logs record every key activity. Code goes through internal security review, and software supply chain dependencies are continuously vetted. AI agents follow a permission model where users can require approval per request, allow for the current session, or always allow; tools and connectors can be enabled or disabled individually; workspaces can block specific tools or require manual approval.
ISO 27001 certified — encrypted in transit, sandboxed at runtime, every action logged.
EntryDesk holds ISO/IEC 27001 certification. The cloud infrastructure we deploy on is additionally certified under ISO 27001/27017/27018, SOC 1/2/3, and PCI DSS.
TLS 1.2+ in transit using FIPS 140-2 validated modules. AES-256 server-side encryption at rest. Customer keys managed via KMS envelope encryption.
Each enterprise customer runs in a dedicated tenant. Agent code executes in microVM sandboxes for hypervisor-level isolation between workloads.
Eight controls covering encryption, key management, runtime isolation, auditability, and supply chain.
All connections — between users and EntryDesk, and between internal services — use TLS 1.2 or higher with FIPS 140-2 validated cryptographic modules.
Data is automatically encrypted server-side before it is written to storage, using the industry-standard AES-256 algorithm.
Customer keys follow industry best practice: a top-level Key Encryption Key (KEK) protects the Data Encryption Key (DEK) that actually encrypts your data.
Every person and service is granted only the minimum permissions needed for the job. Access to customer data is strictly scoped and continuously reviewed.
Agent code runs inside lightweight microVM sandboxes that provide hypervisor-level isolation. Each execution is short-lived, independent, and walled off from every other workload.
Enterprise customers run in fully separated tenants with no shared execution environment — eliminating cross-customer data access and noisy-neighbor risk by design.
Detailed, tamper-resistant logs capture every key activity and security event — the basis for incident analysis, forensics, and compliance reporting.
Internal security code review on every change, plus continuous review of third-party software dependencies to defend against supply-chain attacks.
Autonomy is powerful — and dangerous if unbounded. EntryDesk gives every user, admin, and workspace explicit levers over what agents can do.
For each tool call, users decide:
Every tool and connector can be enabled or disabled independently. Turn on only what the agent needs — no implicit access to everything in your stack.
Admins can block specific tools across the workspace, or require manual user approval before any sensitive action runs — regardless of individual preferences.
The standards we are independently audited against today.
EntryDesk's information security management system
CertifiedISO 27001/27017/27018, SOC 1/2/3, PCI DSS
CertifiedAll data encrypted in transit
ActiveServer-side encryption, KMS-managed keys
ActiveQuick answers about certifications, encryption, isolation, and agent governance.
EntryDesk holds ISO/IEC 27001 certification. The enterprise cloud infrastructure we deploy on additionally carries ISO 27001/27017/27018, SOC 1/2/3, and PCI DSS certifications. We’re happy to share documentation under NDA on request.
All data is automatically encrypted server-side before it is written to storage, using AES-256. Customer keys are managed by a KMS following envelope encryption: a Key Encryption Key (KEK) protects the Data Encryption Key (DEK) that encrypts your data.
All connections — between users and EntryDesk, and between internal services — are encrypted with TLS 1.2 or higher, using FIPS 140-2 validated cryptographic modules.
Yes. Each enterprise customer operates in a fully separate tenant with no shared execution environment. Cross-customer data access and interference are prevented at the architecture level — your data and compute are kept private and intact.
Agent code runs inside microVM sandboxes — an industry-standard lightweight virtualization technology that provides hypervisor-level isolation. Every execution is independent and short-lived, so one workload can never affect another.
Comprehensive audit logs capture key activities and security events — providing the trail needed to investigate suspicious behavior, support forensics, and meet enterprise compliance requirements.
Every code change goes through internal security review. Third-party software dependencies are continuously vetted as part of our software supply chain security program.
Yes. Users can require approval for every tool call (ask each time / allow this session / always allow). Tools and connectors can be toggled on or off individually. Workspace admins can block specific tools or require manual approval across the entire workspace.
Our team is happy to walk through EntryDesk's security architecture with your IT or InfoSec team.
Talk to Our Team