How LeanScale safeguards customer information, devices, and data
A multi-layered program built for the standards enterprise teams expect — across our people, our platforms, and our processes.
How we think about trust
LeanScale maintains a multi-layered security and compliance program designed to protect customer data and uphold the standards expected by enterprise organizations. This document outlines the procedures, platforms, and training that govern how our employees and contractors access, handle, and safeguard customer information. Our approach is grounded in three principles — rigorous personnel vetting, centrally managed and continuously monitored devices, and recurring, role-relevant training.
Vetted personnel
Comprehensive background checks before any access to customer systems is granted.
Managed devices
Every endpoint enrolled in MDM, encrypted, and continuously monitored.
Recurring training
Role-relevant cybersecurity certifications, refreshed annually for every team member.
Background checks
Every employee and contractor is required to complete and pass a comprehensive background check through Checkr prior to onboarding at LeanScale.
No personnel are granted access to customer systems, information, or data until this verification is successfully completed.
Device management
All devices used by LeanScale employees to access customer information are secured and centrally managed through Rippling Device Management, our Mobile Device Management (MDM) platform. Rippling MDM lets us remotely manage company devices — enforcing security policies, deploying software, keeping operating systems up to date, assigning computers to employees, initiating remote locks and wipes, assisting with provisioning, and enforcing encryption and password policies — so security controls are applied consistently across our entire workforce, regardless of location.
Why centralized device management matters
Cloud-era controls, applied consistently
As more work runs through cloud services, employees access data, apps, and network resources from anywhere with an internet connection. MDM closes the gap that flexibility creates — automating deployment and enforcing critical settings like disk encryption and password policy compliance on every endpoint.
Meets the standards regulators expect
Beyond letting administrators adjust settings, install updates, or deploy apps remotely, LeanScale is required to maintain systems-level controls to satisfy security standards including HIPAA, GDPR, SOC 2, PCI, and ISO. MDM automation makes those complex requirements attainable.
Through Rippling MDM, LeanScale is able to:
- Enforce security policies and password requirements across all company devices
- Mandate full-disk encryption on every managed endpoint
- Deploy software and keep operating systems current with the latest security updates
- Initiate remote locks and remote wipes if a device is lost, stolen, or compromised
- Provision and assign devices to employees with standardized, secure baseline configurations
Cybersecurity training
All LeanScale employees are required to complete cybersecurity training through Rippling's Learning Management System prior to beginning any work that involves access to customer information.
Cycle
Certifications are valid for twelve months, after which annual refresher training is required to maintain access.
Required courses
Cybersecurity Training for Enhanced Online Protection (mandatory)
Provides employees with awareness of cybercriminal activity, current cyber threats, and best practices for protecting sensitive data. Given the rising cost of breaches and regulatory penalties, a strong baseline cybersecurity posture is foundational to our operating model.
Anti-Bribery & Anti-Corruption Prevention
Equips employees with the knowledge to maintain honest, ethical business relationships. The course covers recognition of potentially corrupting situations — particularly involving gifts, invitations, and donations — and provides practical guidance for handling them appropriately.
Customer-specific optional courses
Assigned per engagement
In addition to the required curriculum, LeanScale provides optional courses that can be assigned to employees supporting customers with specific regulatory requirements.
PCI DSS
Covers the Payment Card Industry Data Security Standard administered by the PCI Security Standards Council. Trains employees on PCI DSS requirements, their responsibilities for protecting cardholder and authentication data, and the consequences of non-compliance.
GDPR
Introduces the European General Data Protection Regulation, which applies to any organization — including those outside Europe — that controls or processes personal data of individuals in the European Economic Area. Covers the key principles of lawful processing, secure handling of personal data, and breach response.
HIPAA for Business Associates
Designed for employees who interact with protected health information (PHI) in a business associate capacity. Explains how HIPAA applies to their work, the importance of safeguarding patient information, and the consequences of HIPAA violations.
HIPAA for Covered Entities
Designed for employees of covered entities under HIPAA — health plans, healthcare clearinghouses, and healthcare providers. Covers job-specific HIPAA responsibilities, the importance of patient information privacy and security, and the consequences of non-compliance.
Platform history
Our previous security training provider was TitanHQ (Safe Titan), specializing in phishing and malware protection.
Following our move to Rippling's Learning Management System, all training and certification tracking has been consolidated into a single platform alongside our device management — giving us one source of truth for compliance, training records, and access control.
Questions or additional information?
For questions about LeanScale's security and compliance program, or to request additional documentation related to a specific framework or customer requirement, please contact your LeanScale point of contact.