Trust Center
At Imply, trust is a principal success criteria. Whether you’re leveraging our Polaris, Enterprise, or Enterprise Hybrid solution, our security-first approach allows you to focus on harnessing the power of data, while we work to secure it.
- Principles
Environmental Hardening
Our Environments are hardened using industry standards and benchmarks designed to protect from vulnerabilities and misconfiguration.
Vulnerability Detection & Management
Our infrastructure utilizes numerous advanced threat detection tools, which provide monitoring and alerting on suspicious activities, potential malware, misconfiguration, malicious code, and more. Our teams work to respond in a timely manner to ensure that identified issues are appropriately addressed.
Infrastructure/Application Security
Continuous integration is a core component of our SDLC, allowing us to incorporate security scanning into the build and test process, in order to address security issues promptly. Scanning is based on industry standards, that include:
- Common Vulnerabilities and Exposures
- CIS Operating System Security Configuration Benchmarks
- Network Reachability
- Security Best Practices (Including OWASP)
Imply maintains a number of industry certifications and attestations, with more on the way!
Our Hosted and Enterprise solutions maintain active ISO 27001 and SOC2 Type II compliance, as well as HIPAA compliance attestations.
See our documented security controls, available on the Cloud Security Alliance’s (CSA) Security, Trust & Assurance Registry (STAR).
Additional security documentation is available upon request, and under NDA through our Secure Document Portal.
Data Encryption
We ensure your data is protected, both in transit, and at rest, using FIPS 140 validated encryption mechanisms, and conform to industry best practice (i.e. key management & rotation) in all environments.
Access Restrictions
Imply Hosted and Enterprise solutions maintain strict access controls, with monitoring & logging in place to ensure anomaly detection. Additionally, endpoint controls restrict access via a number of mechanisms in order to ensure that access is limited to authorized personnel. On the networking side, granular Security Groups isolate production environments to limit ingress/egress protocols to the minimum required to conduct business.
Incident Detection & Response
Imply maintains a trained and dedicated Security team, ready to respond to incidents, should they arise. If you believe you have identified a bug or vulnerability in Imply’s systems, please reach out to security@imply.io, and we will acknowledge in a timely manner.
Principles
We are committed to maintaining and continuously improving the privacy of your and your customers’ data. Regulations such as the General Data Protection Regulation and the California Consumer Privacy Act vigorously protect personal data. We leverage these regulations as a baseline for privacy across the globe including embedding privacy by design and default features into our products.
Policies
Our Privacy Policy and Cookie Policy inform you what information we collect about you and your customers’ data, how we access it, and how we share it. We understand how important personal information is to you and to your customers, so we take appropriate security measures to protect personal information against loss, theft, or misuse.
Data Processing Addendum and Sub-processors
Our Data Processing Addendum (DPA) and Sub-processor List help us abide by applicable data protection laws. We review and update these documents as needed including recently updating the DPA to include the new standard contractual clauses.