Security
Overview
Pingboard’s software surfaces engaging info about people, teams, and the company, and puts it into the hands of everyone—whether they started the company or they’re starting today. Helping to protect the confidentiality, integrity, and availability of our customers’ data is of the utmost importance to Pingboard, as is maintaining customer trust and confidence. We recognize that information security entails end-to-end efforts, spanning application development, system configurations, hosting services, and personnel security. Here are some of the security features Pingboard has implemented to help protect customer data.
Organization, People, and Processes
Pingboard manages the security of its information assets according to a defined Information Security framework. Policies are the foundational elements of all standards, procedures, and security practices implemented at Pingboard.
Pingboard requires that all Pingboard staff:
- Receive information security awareness training.
- Report information security incidents they may become aware of.
- Comply with all relevant policies, including Pingboard’s Acceptable Use policy, which outlines appropriate and safe use of systems and the fundamental controls that protect against common attack vectors: strong passwords, device encryption, multi-factor authentication, and anti-malware protection.
- Undergo background checks as part of candidate screening, and upon starting sign our Acceptable Use and Employee Proprietary Information agreements.
Pingboard follows these organizational processes and technical controls designed to support information security:
- Least-privilege, role-based user management.
- Change management procedures applicable to system and network configurations, access controls, and application code.
- Structured approaches to identifying, escalating, and responding to security issues, to ensure consistent and effective incident management.
Product Security
- Support for single sign-on (SSO), multi-factor authentication, and automated user provisioning and deprovisioning through our available integrations. Pingboard also supports custom SSO integrations with SAML 2.0 based identity providers.
- Role-based access controls to limit the data that Pingboard users can view or edit.
Data Security and Availability
- Transport layer encryption (SSL/TLS) is enforced for all client-server communication; versions of TLS and SSL prior to TLS 1.2 are not supported. Customer data is encrypted at rest.
- Pingboard’s production environment is physically separate from development and test environments, and production data is never replicated to other environments.
- For redundancy and disaster recovery, the application database is backed up daily to multiple data centers. Data restoration procedures are tested bi-annually. Backups are retained for 30 days.
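A customer who wants to confirm the "nothing below TLS 1.2" statement above can do so from the outside with a protocol-negotiation probe. The script below is an added example, not Pingboard's code: it pins a client context to one TLS version at a time, records whether the server accepts, rejects, or could not be offered that version by the local OpenSSL build, and then evaluates the results against the policy. The host name is a placeholder supplied on the command line.

```python
import socket
import ssl
import sys
from typing import Dict, List, Tuple

# Protocol versions to probe, oldest first. The ssl.HAS_* flags report whether
# the local OpenSSL build can offer a version at all; when it cannot, the probe
# records "unavailable" instead of a misleading "rejected".
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}
LOCALLY_AVAILABLE = {
    "TLSv1.0": ssl.HAS_TLSv1,
    "TLSv1.1": ssl.HAS_TLSv1_1,
    "TLSv1.2": ssl.HAS_TLSv1_2,
    "TLSv1.3": ssl.HAS_TLSv1_3,
}
LEGACY = ("TLSv1.0", "TLSv1.1")   # policy: the server must reject these
MODERN = ("TLSv1.2", "TLSv1.3")   # policy: at least one must be accepted


def build_probe_context(version: ssl.TLSVersion) -> ssl.SSLContext:
    """Client context pinned to exactly one protocol version.

    Certificate verification is disabled because this probe measures only
    whether the server negotiates the version; it is not a template for a
    production client, which must keep verification on.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx


def probe_version(host: str, port: int, name: str, timeout: float = 5.0) -> str:
    """Return "accepted", "rejected" or "unavailable" for one version."""
    if not LOCALLY_AVAILABLE[name]:
        return "unavailable"
    ctx = build_probe_context(VERSIONS[name])
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                # Handshake completed: the server agreed to this version.
                return "accepted" if tls.version() else "rejected"
    except ssl.SSLError as exc:
        # OpenSSL 3 refuses to even offer TLS 1.0/1.1 at its default security
        # level; that is a local limitation, not a decision by the server.
        if exc.reason == "NO_PROTOCOLS_AVAILABLE":
            return "unavailable"
        return "rejected"   # e.g. a protocol_version alert from the server
    except OSError:
        return "rejected"   # connection reset or closed during the handshake


def probe_all(host: str, port: int = 443) -> Dict[str, str]:
    """Probe every version in VERSIONS against one host."""
    return {name: probe_version(host, port, name) for name in VERSIONS}


def evaluate(results: Dict[str, str]) -> Tuple[bool, List[str]]:
    """Check probe results against the policy "nothing below TLS 1.2".

    Returns (policy_met, untested). policy_met is True when no legacy version
    was accepted and at least one modern version was. untested lists legacy
    versions the local OpenSSL could not offer; re-check those from a host
    that can before treating the policy as verified.
    """
    legacy_accepted = any(results.get(v) == "accepted" for v in LEGACY)
    modern_accepted = any(results.get(v) == "accepted" for v in MODERN)
    untested = [v for v in LEGACY if results.get(v) == "unavailable"]
    return (not legacy_accepted and modern_accepted, untested)


if __name__ == "__main__":
    # Placeholder host; pass the real host name as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "example.invalid"
    outcome = probe_all(target)
    policy_met, untested = evaluate(outcome)
    for name, state in outcome.items():
        print(f"{name:8} {state}")
    print("policy met" if policy_met else "POLICY VIOLATION", f"(untested: {untested})")
```

Run it as `python probe.py <host>`; a result of "unavailable" for TLS 1.0 or 1.1 means the check is inconclusive on that machine, not that the server passed, which is why `evaluate` reports those versions separately rather than silently counting them as rejected.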
Pingboard Infrastructure
The Pingboard platform is designed and operated with security top of mind. Security controls are incorporated into Pingboard’s development and operating processes, and extended to Pingboard customers to help support their security requirements and priorities.
Monitoring and Logging
Pingboard generates audit logs for all customer and employee authentication events and for changes to database contents. A continuously managed Web Application Firewall (WAF) screens traffic for known attack vectors and DDoS attacks.
Pingboard Hardware Infrastructure
Pingboard is committed to securing its customers’ data.
- Pingboard is hosted in the US on the Heroku platform, which runs on Amazon Web Services infrastructure. All data is stored and processed in the USA. Heroku maintains PCI, HIPAA, ISO, and SOC compliance; you can learn more by visiting their website.
- Pingboard inherits AWS’ operations and monitoring capabilities around physical and network security. AWS is SOC 2 Type 2 Certified, HIPAA compliant, and PCI compliant. You can learn more about the certifications here.
- Pingboard runs a multi-tenant environment. Production tenants are logically separated from each other.
- Pingboard’s Cloud Hosting Policy standardizes utilization of approved providers’ built-in security capabilities.
Threat Management
- Pingboard commissions external security assessments and penetration testing by a vetted third party twice per year. Identified security issues are correlated, aggregated, and risk-rated for prioritized treatment, following a standards-based approach.
Privacy
- Pingboard is GDPR and CCPA compliant and maintains a Data Privacy Agreement (DPA) to be used as an amendment to our contract for customers requiring compliance.
- Pingboard takes user privacy seriously and has strict policies to keep your personally identifiable information safe. Visit our privacy policy page for more information.
Conclusion
Want to learn more? If you have any questions about our security measures or technology, please reach out to us directly at dpo@pingboard.com.