Security is at the heart of what we do—helping our customers improve their security and compliance posture starts with our own.

Governance

Leapfrog’s Security and Privacy teams establish policies and controls, monitor compliance with those controls, and prove our security and compliance to third-party auditors.

Our policies are based on the following foundational principles:
  1. Access should be limited to only those with a legitimate business need and granted based on the principle of least privilege.
  2. Security controls should be implemented and layered according to the principle of defense-in-depth.
  3. Security controls should be applied consistently across all areas of the enterprise.
  4. The implementation of controls should be iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.

Security and Compliance at Leapfrog

Leapfrog is HIPAA, HITRUST and SOC II certified.

Product security

Penetration testing

Leapfrog engages with one of the best penetration testing consulting firms in the industry at least annually. Our current preferred penetration testing partner is Galactic Advisors.

All areas of Leapfrog's environment are in-scope for these assessments.

Enterprise security

Endpoint protection

All Leapfrog devices are centrally managed and are equipped with mobile device management software and anti-malware protection. Endpoint security alerts are monitored with 24/7/365 coverage. We use MDM software to enforce secure configuration of endpoints, such as disk encryption, screen lock configuration, and software updates.

Vendor security

Leapfrog uses a risk-based approach to vendor security. Factors which influence the inherent risk rating of a vendor include:
  • Access to customer and corporate data
  • Integration with production environments
  • Potential damage to the Leapfrog brand

Once the inherent risk rating has been determined, the security of the vendor is evaluated in order to determine a residual risk rating and an approval decision for the vendor.

Secure remote access

Leapfrog secures remote access to internal and client resources. We also use malware-blocking DNS servers to protect employees and their endpoints while browsing the internet.

Security education

Leapfrog provides comprehensive security training to all employees upon onboarding and annually through educational modules within Vanta's platform.

Leapfrog’s team shares regular threat briefings with employees to inform them of important security and safety-related updates that require special attention or action.

Data privacy

At Leapfrog, data privacy is a first-class priority—we strive to be trustworthy stewards of all sensitive data.

Privacy Policy

View Leapfrog’s Privacy Policy