Trust & Security
At insightsoftware, we value and prioritize product security, data privacy, and regulation compliance, and build our solutions with reliability and security at their core. We invested significant resources, time, and effort to design an Information Security Management System (ISMS) that ensures Confidentiality, Integrity and Availability (CIA) of our services and privacy of our customer data.
Security
insightsoftware maintains a comprehensive documented security program with physical, administrative, and technical safeguards designed to protect the confidentiality, integrity, availability, and security of the software and customer data. Our multi-layered ‘defense in depth’ approach protects critical systems and sensitive customer data. This ensures that failure of a single security control will not lead to compromise of customer data.

Data Protection
Our cloud solutions encrypt data in transit and at rest using strong TLS encryption ciphers and AES-256. Cloud systems are protected using next-generation threat protection software.

Vulnerability Management
Systems are evaluated and secured via our vulnerability management program, which includes scheduled scans and external attack surface / dark web monitoring. Public vulnerabilities are posted to our Security Advisories page.

Secure Software Development
insightsoftware’s secure software development lifecycle incorporates static code analysis, vulnerability scanning, and independent third-party penetration testing.

Reliability
insightsoftware’s cloud products are designed for high performance and availability and built on best-in-class core technologies, such as AWS and Microsoft Azure. Automated backups are regularly scheduled and encrypted, and our services have documented disaster recovery and business continuity plans.

Security Incident Response
insightsoftware maintains a thoroughly documented incident response plan, which includes incident reporting, roles and responsibilities, prioritization, escalation, and remediation. We swiftly isolate the incident, reduce any impacts, and quickly communicate our actions to any affected customers.

Security Culture
Security is everyone’s responsibility at insightsoftware. All insightsoftware employees and contractors are required to take regular security awareness training and acknowledge our security policies. Employees are frequently tested with simulated phishing attacks.
Compliance
To protect our customers and their data, insightsoftware has adopted a formal information security management program based on industry standards that governs software development, infrastructure operation, administration, and delivery of the insightsoftware cloud services.
Our security program, along with an extensive control environment, is aligned with and regularly assessed against industry standard frameworks such as ISO 27001 and SSAE-18 SOC 2.

ISO 27001
Specific insightsoftware products and services meet the standards of ISO 27001, a security specification for information security management systems (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes.

SSAE-18 SOC 2
insightsoftware completes annual SOC 2 Type 2 audits, which provide an evaluation of the suitability of the design and operating effectiveness of insightsoftware’s internal controls. SOC 2 is a rigorous examination by an independent accounting firm based on AICPA Trust Services Principles and Criteria for Security, Availability, and Confidentiality.
Legal & Privacy
insightsoftware is committed to protecting the privacy of our customers and the data stored on any of our SaaS offerings. Our services comply with the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) regarding the collection, use, and retention of personal information. We take appropriate measures to ensure personal information is kept secure, including security measures to prevent personal information from being accidentally lost, or used and accessed in an unauthorized way.
See our dedicated Legal and Privacy page for more information.