All our infrastructure is hosted and managed within Amazon’s secure data centers and utilizes Amazon Web Services' (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.
Amazon’s data center operations have been accredited under AWS Compliance programs.
We’re proud of our reliable uptime and continue to make sure your operations run smoothly. Should an incident happen, we have comprehensive incident response and customer notification procedures in place.
For platform-wide Severity 1 and 2 issues, we keep our customers updated on our status page where you can subscribe to get instant notifications. Should you suspect a security breach, e-mail us at privacy@signinsolutions.com and we’ll investigate immediately.
Our development team uses a standardized process to ensure changes are made securely and reliably, with a focus on quality.
New releases are typically available at least once a month. Releases include documentation (i.e., release notes), demonstrating new functionality to all customers.
Sign In Solutions proactively engages third-party security specialists to conduct an annual penetration test of its cloud platform. The annual review uncovers any potential vulnerabilities and assures the most critical web application security standards are followed. In line with the Open Web Application Security Project (OWASP) Web Application Penetration testing methodology, the assessment includes security reviews of source code, API (Application Programming Interface) and penetration testing.
At Sign In Solutions, data protection is a priority.
We value our customers’ trust and will ensure their visitor data is protected. Demonstrating our long-term commitment to security, we are taking every step to ensure our people, processes and technology are compliant with any laws, rules, regulations and standards. For any questions about information and data security, please contact privacy@signinsolutions.com.
Service Organization Controls (SOC) ensure service providers securely manage client data to protect the interests of both the client’s organization and privacy of their customers. We have achieved SOC 2 Type-2 attestation and completed an audit performed by qualified evaluators from an independent third-party auditing firm.
Security
To ensure protection against unauthorized access, internal controls need to mitigate the potential abuse or misuse of the platform, theft or the unauthorized removal of data, and disclosure of personal information.
Availability
To control the access to a platform as per the contract and/or service level agreement with customers (specifically regarding the minimum acceptable level of performance), internal controls need to monitor performance and availability.
Processing Integrity
To assure the intended purpose of a platform is achieved, internal controls need to monitor data processing and quality assurance procedures. The purpose focuses on processing the right data at the right time.
Confidentiality
To ensure the restriction of confidential data, internal controls need to define security and data protection procedures.
Privacy
To control the collection and use of personal information, internal controls need to support the protection of personal information from unauthorized access.
General Data Protection Regulation (GDPR) increases accountability and transparency in the management of personal data. We believe in data protection by design and understand that complying with the GDPR is a joint liability between the data controller and processor. We’re doing our due diligence and taking the necessary action to ensure compliance.
Training and awareness
We made data privacy an integral part of our culture. Employees undergo training, agree to NDAs and drive awareness within the company.
Operational processes
We continue to review and adapt our internal processes to further mitigate any privacy risk.
Policies, procedures and guidelines
We document and reinforce data protection in how we conduct our business.
Third-party risk management
We carefully assess who we work and integrate with.
Consent management
We enforced greater diligence in managing and proving consent in line with the GDPR.
Data retention
We established new processes to retain personal data only for the duration that is needed to fulfill the purpose.
Data residency
We provide a data centre in Europe to allow organizations to host data locally.
Terms & Conditions
We updated our Ts&Cs in accordance with the new GDPR requirements.
Platform development
We’re adding more features to provide our customers with more flexibility in data management.
Data breach notifications
We continue to follow our incident response principles.