Trust

Security

insightsoftware maintains a comprehensive documented security program with physical, administrative, and technical safeguards designed to protect the confidentiality, integrity, availability, and security of the software and customer data. Our multi-layered ‘defense in depth’ approach protects critical systems and sensitive customer data. This ensures that failure of a single security control will not lead to compromise of customer data.

Data Protection

Our cloud solutions encrypt data in transit and at storage using strong TLS encryption ciphers and AES-256. Cloud systems are protected using next-generation threat protection software.

Vulnerability Management

Systems are evaluated and secured via our vulnerability management program, which includes scheduled scans and external attack surface / dark web monitoring. Public vulnerabilities are posted to our Security Advisories page.

Secure Software Development

insightsoftware’s secure software development lifecycle incorporates static code analysis, vulnerability scanning, and independent third-party penetration testing.

Reliability

insightsoftware’s cloud products are designed for high performance and availability and built on best-in-class core technologies, such as AWS and Microsoft Azure. Automated backups are regularly scheduled and encrypted, and our services have documented disaster recovery and business continuity plans.

Security Incident Response

insightsoftware maintains a thoroughly documented incident response plan, which includes incident reporting, roles and responsibilities, prioritization, escalation, and remediation. We swiftly isolate the incident, reduce any impacts, and quickly communicate our actions to any affected customers.

Security Culture

Security is everyone’s responsibility at insightsoftware. All insightsoftware employees and contractors are required to take regular security awareness training and acknowledge our security policies. Employees are frequently tested with simulated phishing attacks.

Compliance

To protect our customers and their data, insightsoftware has adopted a formal information security management program based on industry standards that governs software development, infrastructure operation, administration, and delivery of the insightsoftware cloud services.

Our security program, along with an extensive control environment, is aligned with and regularly assessed against industry standard frameworks such as ISO 27001 and SSAE-18 SOC 2.

ISO 27001

Specific insightsoftware products and services meet the standards of ISO 27001, an information management security specification for information management systems (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes.

SSAE-18 SOC 2

insightsoftware completes annual SOC 2 Type 2 audits which provide an evaluation on the suitability of the design and operating effectiveness of insightsoftware’s internal controls. SOC 2 is a rigorous examination by an independent accounting firm based on AICPA Trust Services Principles and Criteria for Security, Availability, and Confidentiality.

Legal & Privacy

insightsoftware is committed to protecting the privacy of our customers and the data stored on any of our SaaS offerings. Our services comply with the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) regarding the collection, use, and retention of personal information. We take appropriate measures to ensure personal information is kept secure, including security measures to prevent personal information from being accidentally lost, or used and accessed in an unauthorized way.

See our dedicated Legal and Privacy page for more information.

Trust & Security