Security
and trust.
We take security seriously.
Secure platform.
Sign In Enterprise is built on container based virtualization using Kubernetes on Amazon Web Services platform. AWS applies security best practices, manages platform security and is designed to protect customers from threats by applying security controls at every layer (physical to application). Sign In Enterprise and its data are completely isolated and receive rapidly deployed security updates without customer interaction or service interruption.
Enterprise-grade
infrastructure.
All our infrastructure is hosted and managed within Amazon’s secure data centers and utilizes Amazon Web Services' (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.
Amazon’s data center operations have been accredited under AWS Compliance programs.
Sign In Enterprise provides an option of a single tenant architecture, where an organization has their own independent instance. Automated data deletion can be enabled for Sign In Enterprise customers with a single tenant installation. This automates the recurring process of deleting visitor PII data and provides advanced compliance and data controls.
Sign In Enterprise offers the choice between a US, EU or Canadian data centers to help address legal or regulatory requirements for local data storage that are imposed on organizations that handle sensitive personal information.
High availability.
We’re proud of reliable uptime and continue to make sure your operations run smoothly. Should an incident happen, we have a comprehensive incident response and customer notification procedures in place. For platform-wide Severity 1 and 2 issues, we keep our customer updated on our status page where you can subscribe to get instant notifications. Should you suspect a security breach, e-mail us at [email protected] and we’ll investigate immediately.
Severity 1
Critical system failure that results in an inability to fulfill vital business functions.
This means visitors or users cannot access the platform, notifications are not triggering, or account-wide issues to connect to the iPad. We focus on resolving any Severity 1 matter as quickly as possible. For our Enhanced & Complete customers, we offer 24/7 emergency phone support and, if required, will provide hourly updates until the issues are resolved.
Severity 2
Serious issues significantly impacting the use of the Sign In Enterprise platform.
Visitors and users are materially impacted, with 50% of users or visitors not able to access the platform or certain features not functioning. This may include CSV files not uploading correctly, integrations not running smoothly or platform issues related to badge printing. We’ll respond to Severity 2 cases during business hours and will provide daily updates.
Severity 3
Negative features or missing features that are causing inconvenience to users.
Severity 3 cases are not business critical and can include how-to questions, reporting issues, smaller technical bugs or feature requests. We always love to hear your ideas and feedback. Depending on the complexity, we will do our best to fix the issue in the next release or add it to our roadmap.
Development policy.
The Sign In Enterprise development team uses a standardized process to ensure changes are made securely and reliably, with a focus on quality. New releases are typically available at least once a month. Releases include documentation (ie: release notes), demonstrating new functionality to all customers.
- All changes begin with a pull request from a local development branch to a QA environment.
- Before changes are merged into a QA environment, a code review is done by a senior developer.
- The change is then tested in QA, and another run of testing in UAT.
- Code is finally pushed from UAT to production. All code migrations occur across SSL.
Sign In Enterprise employees all undergo background criminal checks and sign an NDA upon hire. Sign In Enterprise employees undergo training and awareness programs to ensure that privacy and security stay top of mind. Employees do not have access to customer accounts unless granted by customers.
Third-party
penetration testing.
Sign In Enterprise proactively engages a third-party security specialists to conduct an annual penetration test of its cloud platform. The annual review uncovers any potential vulnerabilities and assures the most critical web application security standards are followed. In line with the Open Web Application Security Project (OWASP) Web Application Penetration testing methodology, the assessment includes security reviews of source code, API (Application Program Interface) and penetration testing.
Compliance standards.
At Sign In Enterprise, data protection is a priority. We value our customers’ trust and will ensure their visitor data is protected. Demonstrating our long-term commitment to security, we are taking every step to ensure our people, processes and technology are compliant with any laws, rules, regulations and standards. For any questions about information and data security, please contact [email protected].
Service Organization Controls (SOC) ensure service providers securely manage client data to protect the interests of both the client’s organization and privacy of their customers. Sign In Enterprise has achieved SOC 2 Type-2 attestation and completed an audit performed by qualified evaluators from an independent third-party auditing firm.
Security
To ensure the protection against unauthorized access, internal controls need to mitigate the potential abuse or misuse of the platform, theft or the unauthorized removal of data, and disclosure of personal information.
Availability
To control the access to a platform as per the contract and/or service level agreement with customers (specifically regarding the minimum acceptable level of performance), internal controls need to monitor performance and availability.
Processing Integrity
To assure the intended purpose of a platform is achieved, internal controls need to monitor data processing and quality assurance procedures. The purpose focuses on processing the right data at the right time.
Confidentiality
To ensure the restriction of confidential data, internal controls need to define security and data protection procedures.
Privacy
To control the collection and use of personal information, internal controls need to support the protection of personal information from unauthorized access.
General Data Protection Regulation (GDPR) increases accountability and transparency in the management of personal data. We believe in data protection by design and understand that complying with the GDPR is a joint liability between the data controller and processor. We’re doing our due diligence and take necessary action to ensure compliance.
Training and awareness
We made data privacy an integral part of our culture. Employees undergo training, agree to NDAs and drive awareness within the company.
Operational processes
We continue to review and adapt our internal processes to further mitigate any privacy risk.
Policies procedures and guidelines
We document and reinforce data protection in how we conduct our business.
Third-party risk management
We carefully assess who we work and integrate with.
Consent management
We enforced greater diligence in managing and proving consent in line with the GDPR.
Data retention
We established new processes to retain personal data only for the duration that is needed to fulfill the purpose.
Data residency
We provide a data centre in Europe to allow organizations to host data locally.
Terms & Conditions
We updated our Ts&Cs in accordance with the new GDPR requirements.
Platform development
We’re adding more features to provide our customers with more flexibility in data management.
Data breach notifications
We continue to follow our incidence response principles.
Security questions?
Whether you're just starting a visitor management initiative, comparing vendors or simply looking for adoption strategies - know that Sign In Enterprise is here to listen, to help and to share in our wisdom and expertise.