Trust Center

At Imply, trust is a principal success criteria. Whether you’re leveraging our Polaris, Enterprise, or Enterprise Hybrid solution, our security-first approach allows you to focus on harnessing the power of data, while we work to secure it.

Security

Environmental Hardening

Our Environments are hardened using industry standards and benchmarks designed to protect from vulnerabilities and misconfiguration.

Vulnerability Detection & Management

Our infrastructure utilizes numerous advanced threat detection tools, which provide monitoring and alerting on suspicious activities, potential malware, misconfiguration, malicious code, and more. Our teams work to respond in a timely manner to ensure that identified issues are appropriately addressed.

Infrastructure/Application Security

Continuous integration is a core component of our SDLC, allowing us to incorporate security scanning into the build and test process, in order to address security issues promptly. Scanning is based on industry standards, that include:

  • Common Vulnerabilities and Exposures
  • CIS Operating System Security Configuration Benchmarks
  • Network Reachability
  • Security Best Practices (Including OWASP)

Download Our Security White Papers

Compliance

Imply maintains a number of industry certifications and attestations, with more on the way!

Our Hosted and Enterprise solutions maintain active SOC2 Type II compliance, as well as HIPAA compliance attestations.

See our documented security controls, available on the Cloud Security Alliance’s (CSA) Security, Trust & Assurance Registry (STAR).

Additional security documentation is available upon request, and under NDA through our Secure Document Portal.

HIPAA
AICPA
Star Level 1

Data Protection

Data Encryption

We ensure your data is protected, both in transit, and at rest, using FIPS 140 validated encryption mechanisms, and conform to industry best practice (i.e. key management & rotation) in all environments.

Access Restrictions

Imply Hosted and Enterprise solutions maintain strict access controls, with monitoring & logging in place to ensure anomaly detection. Additionally, endpoint controls restrict access via a number of mechanisms in order to ensure that access is limited to authorized personnel. On the networking side, granular Security Groups isolate production environments to limit ingress/egress protocols to the minimum required to conduct business.

Incident Detection & Response

Imply maintains a trained and dedicated Security team, ready to respond to incidents, should they arise. If you believe you have identified a bug or vulnerability in Imply’s systems, please reach out to security@imply.io, and we will acknowledge in a timely manner.

Download Our Security White Papers