Security without compromise: Enterprise trust built-in.

The Lightsource.ai platform is a multi-user SaaS application designed to illuminate the global supply chain by helping procurement professionals collaborate securely with their suppliers.

We build with a "Security-First" mindset to ensure your strategic sourcing, supplier discovery, and item management remain protected at every stage.

Proven compliance & certifications

We maintain a rigorous control environment verified by independent third-party experts to provide reasonable assurance that our service commitments are met.

SOC 2 Type 2 certified

Lightsource.ai has been issued an attestation report by Sensiba for the LightSource platform.

Trust services criteria

Our audit confirms compliance with the AICPA’s criteria for security, availability, and confidentiality.

Continuous compliance monitoring

We utilize automated platforms to monitor over 100 security controls 24/7, ensuring our posture is maintained daily, not just during audit windows.

AI safety & data privacy

Protecting your proprietary procurement data is our primary objective. We distinguish between open-source data and your specific customer application data.

No training on customer data

Lightsource.ai does not use your private RFQs, RFI questionnaires, or contracts to train foundation models.

Data classification & retention

We maintain formal data classification and retention policies to identify and protect sensitive information throughout its lifecycle.

Security architecture & infrastructure

Our platform is built on world-class cloud infrastructure with multi-layered defenses to protect your sourcing operations.

Enterprise-grade hosting

We engage third-party vendors to conduct annual network and application-layer penetration tests.

Physical security

We rely on the robust physical and environmental controls of our subservice organizations, which prevent physical access by unauthorized personnel.

Encryption standards

We use industry-leading encryption to protect customer data both at rest and in transit.

At rest: data is encrypted using securely managed keys.
In transit: all connections are secured via SSL/TLS protocols.

Application security & access control

We provide granular controls that allow your organization to manage access based on the principle of least privilege.

Identity management

We support identity providers (IdPs) that enable Single Sign-On (SSO), ensuring seamless and secure authentication for your teams.

Multi-Factor Authentication (MFA)

We require token-based MFA (OTP) and hardware security keys for accessing production and cloud resources.

Role-Based Access Control (RBAC)

Access to system resources is validated against authorized roles in access control lists.

Intrusion detection

We utilize automated intrusion detection systems (IDS) for continuous network monitoring and early detection of potential security breaches.

Reliability, scalability & performance

Our architecture is designed for high availability, ensuring your procurement data is accessible when you need it most.

Infrastructure redundancy

We replicate critical system components to ensure there is no single point of failure.

Disaster recovery & business continuity

We maintain formal disaster recovery and business continuity plans, which are tested annually to confirm effective response to potential disruptions.

Automated backups

Production data is backed up daily and monitored to support recoverability.

Proactive monitoring

We monitor capacity utilization (disk, compute, and bandwidth) to ensure consistent service delivery.

Uptime status

Visit status.lightsource.ai for a real-time update of the LightSource platform’s availability.

Continuous vulnerability management

Security is a company-wide endeavor involving constant testing and refinement.

Penetration testing

We engage third-party vendors to conduct annual network and application-layer penetration tests.

Vulnerability scanning

Automated scans are performed on a continuous basis to identify and remediate security issues based on risk and impact.

Secure Development Life Cycle (SDLC)

We follow a formal SDLC that includes code testing in logically separated environments prior to production migration.

Ready to conduct your due diligence?

Our team is prepared to assist your procurement group with deep-dive documentation and security questionnaires.

Reporting issues

If you believe you’ve discovered a bug in LightSource’s security, please get in touch at security@lightsource.ai.

Our security team promptly investigates all reported issues.
