All changes begin with a pull request from a local development branch to a QA environment. Before changes are merged into a QA environment, a code review is done by a senior developer. The change is then tested in QA, and another run of testing in UAT. Code is finally pushed from UAT to production. All code migrations occur across SSL.

All employees undergo background criminal checks and sign an NDA upon hire. Sign In Solutions employees undergo training and awareness programs to ensure that privacy and security stay top of mind. Employees do not have access to customer accounts unless granted by customers.

Platform security

Get in touch

Secure platform

Sign In Solutions is built on container based virtualization using Kubernetes on Amazon Web Services platform. AWS applies security best practices, manages platform security and is designed to protect customers from threats by applying security controls at every layer (physical to application). Sign In Solutions and its data are completely isolated and receive rapidly deployed security updates without customer interaction or service interruption.

World-class protection

All our infrastructure is hosted and managed within Amazon’s secure data centers and utilizes Amazon Web Services' (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.

Amazon’s data center operations have been accredited under AWS Compliance programs.

Single tenancy option

Sign In Solutions provides an option of a single tenant architecture, where an organization has their own independent instance. Automated data deletion can be enabled for customers with a single tenant installation. This automates the recurring process of deleting visitor PII data and provides advanced compliance and data controls.

Data residency

Sign In Solutions offers the choice between a US, EU or Canadian data centers to help address legal or regulatory requirements for local data storage that are imposed on organizations that handle sensitive personal information.

Enterprise-grade infrastructure

High availability

We’re proud of reliable uptime and continue to make sure your operations run smoothly. Should an incident happen, we have a comprehensive incident response and customer notification procedures in place.

For platform-wide Severity 1 and 2 issues, we keep our customer updated on our status page where you can subscribe to get instant notifications. Should you suspect a security breach, e-mail us at privacy@signinsolutions.com and we’ll investigate immediately.

Development policy

Our development team uses a standardized process to ensure changes are made securely and reliably, with a focus on quality.

New releases are typically available at least once a month. Releases include documentation (ie: release notes), demonstrating new functionality to all customers.

Third-party penetration testing

Sign In Solutions proactively engages a third-party security specialists to conduct an annual penetration test of its cloud platform. The annual review uncovers any potential vulnerabilities and assures the most critical web application security standards are followed. In line with the Open Web Application Security Project (OWASP) Web Application Penetration testing methodology, the assessment includes security reviews of source code, API (Application Program Interface) and penetration testing.

Compliance standards

At Sign In Solutions, data protection is a priority.
We value our customers’ trust and will ensure their visitor data is protected. Demonstrating our long-term commitment to security, we are taking every step to ensure our people, processes and technology are compliant with any laws, rules, regulations and standards. For any questions about information and data security, please contact privacy@signinsolutions.com.

SOC 2 Type-2

Service Organization Controls (SOC) ensure service providers securely manage client data to protect the interests of both the client’s organization and privacy of their customers. We have achieved SOC 2 Type-2 attestation and completed an audit performed by qualified evaluators from an independent third-party auditing firm.

SOC2 is based on five specified trust principles

Security
To ensure the protection against unauthorized access, internal controls need to mitigate the potential abuse or misuse of the platform, theft or the unauthorized removal of data, and disclosure of personal information.

Availability
To control the access to a platform as per the contract and/or service level agreement with customers (specifically regarding the minimum acceptable level of performance), internal controls need to monitor performance and availability.

Processing Integrity
To assure the intended purpose of a platform is achieved, internal controls need to monitor data processing and quality assurance procedures. The purpose focuses on processing the right data at the right time.

Confidentiality
To ensure the restriction of confidential data, internal controls need to define security and data protection procedures.

Privacy
To control the collection and use of personal information, internal controls need to support the protection of personal information from unauthorized access.

GDPR

General Data Protection Regulation (GDPR) increases accountability and transparency in the management of personal data. We believe in data protection by design and understand that complying with the GDPR is a joint liability between the data controller and processor. We’re doing our due diligence and take necessary action to ensure compliance.

Training and awareness
We made data privacy an integral part of our culture. Employees undergo training, agree to NDAs and drive awareness within the company.

Operational processes
We continue to review and adapt our internal processes to further mitigate any privacy risk.

Policies procedures and guidelines
We document and reinforce data protection in how we conduct our business.

Third-party risk management
We carefully assess who we work and integrate with.

Consent management
We enforced greater diligence in managing and proving consent in line with the GDPR.

Data retention
We established new processes to retain personal data only for the duration that is needed to fulfill the purpose.

Data residency
We provide a data centre in Europe to allow organizations to host data locally.

Terms & Conditions
We updated our Ts&Cs in accordance with the new GDPR requirements.

Platform development
We’re adding more features to provide our customers with more flexibility in data management.

Data breach notifications
We continue to follow our incidence response principles.

Find out more about our release and people processes

Security and trust

SOC2 is based on five specified trust principles