Profisee’s Information Security Program helps ensure that Profisee is managing and protecting the confidentiality, integrity and availability of our customer’s data that is managed using Profisee’s SaaS Master Data Management Platform. (‘Profisee Cloud’)
Profisee’s Information Security Policies, as part of a wholistic Information Security Program, contains administrative, technical, and physical safeguards to protect customer information assets from unauthorized modification, deletion, or disclosure, leveraging the combined security capabilities of the cloud platforms used to host Profisee Cloud and Profisee’s own data security practices.
Profisee Cloud is hosted on Microsoft Azure in regional pairs. The resources used to host Profisee Cloud are deployed across region pairs, leveraging multiple availability zones within a region for high availability, and geo-replication across regions for disaster recovery.
By hosting Profisee Cloud on Azure, customers benefit from the industry leading security practices and processes available from Azure. For more information, visit the Azure Trust Center.
Profisee implements industry standard encryption for data at rest and in transit.
Encryption of Data at Rest
Customer data is stored in tenant specific repositories (databases, storage accounts, etc.). All data at rest is encrypted. Repositories are not accessible publicly and are isolated on a private network.
Encryption of Data in Transit
All network traffic to and from Profisee Cloud over the public internet uses a minimum of TLS 1.2 to encrypt data in transit.
Profisee Cloud uses dedicated repositories to provide complete tenant isolation between Profisee Cloud environments. Customer data is not shared or co-mingled between environments. Users must be authenticated and authorized for each individual Profisee Cloud environment they access. If a customer uses a common authentication provider (ex. Azure Active Directory) across environments (ex. Development, Test, and Production), users will gain the benefit of single-sign-on but will be authorized independently for each environment.
Profisee utilizes industry standard best practices in its approach to network and cloud infrastructure security. We utilize traffic inspection, logging, analysis and alerting, next generation firewalls, geolocation blocking, segmented virtualized network infrastructure, on-demand VPN connectivity, private links, web application firewalls, network security groups and other technologies to achieve defense in depth with the goal of providing maximum security for our customers’ data.
Profisee utilizes Single Sign-On (SSO) using OpenIDConnect compliant providers coupled with Multi Factor Authentication. Once deployed on our platform, customers are responsible for the management of their users, groups and roles via RBAC (Role-Based Access Controls).
In addition to the RBAC controls required to gain access to the platform, the Profisee solution internally allows further customization and granular control via assignment of built-in roles or custom grouping of permissions.
Profisee leverages capabilities natively available in Azure to deliver Profisee Cloud as a highly available cloud native platform. All persisted repositories are configured with zone redundancy, replicating data across multiple physical locations within Azure Region(s). This provides fault tolerance and resiliency to a much larger set of failures, including catastrophic data center outages.
Additionally, Profisee leverages geo-redundancy to replicate data repositories to a secondary Azure region where Profisee maintains a secondary pre-configured Profisee Cloud infrastructure. In the unlikely event of a catastrophic outage across an entire Azure Region, Profisee will failover customer environments to that secondary region minimizing the disruption caused by an outage across an entire Azure Region.
In addition to geo-replication, Profisee maintains backups of all customer repositories.
Profisee performs log collection, detection, analysis and inspection, indexing, searching and alerting from various endpoints including, but not limited to, firewall IPS/IDS systems, endpoint security applications, user equipment and access events, VPN gateways, Web Application Firewalls.
Secure Software Development Standards
Profisee uses secure software development practices during the entire software development lifecycle. Profisee follows best practices as outlined in the OWASP Software Assurance Maturity Model (SAMM)
Profisee’s Secure Software Development Policy focuses on two essential components:
- Software Development Process – Integrates security in every phase of the software development lifecycle (SDLC) – Requirements gathering, design and coding, testing and implementation, including
- Separation of Duties
- Segregation of Environments
- Data Exposure and Sensitivity Labels
- Access Control
- Code Review
- Vulnerability Prevention Coding Practices
- Input Validation
- Exception and Error Handling
- Prevention of Cross-Site Scripting Attacks
- Prevention Insecure Direct Object References
- Credentials/Passwords Protection
- Session and Logout
- TLS and Secure APIs
- File Management
- Secure Configuration
- Insecure Deserialization
- Version Control
- Patch Management
- Software Security Assessments – Profisee uses third parties to perform quarterly and annual testing, auditing, and reviews of Profisee’s Software and Software Development Lifecycle. This includes application penetration testing, software architecture reviews, and audits of Profisee’s security processes and procedures.
Third-Party Network Audits
Profisee has partnered with a third-party vendor to perform quarterly and annual scans and penetration testing of its network infrastructure.
Third-Party Application Testing
Profisee contracts with reputable third-party(ies) to scan for application vulnerabilities, perform penetration testing, and conduct an application code and architecture review against vulnerabilities. Testing is performed on a quarterly and/or annual basis.
Profisee performs background checks on all employees provides security training during the Onboarding process and provides continuous security training.
Profisee follows industry standards of least privilege access to prevent unauthorized access to any private information. For more information, please visit www.profisee.com/privacy
Profisee’s Security Program ensures that Profisee follows best practices for securing both corporate and customer data and information systems. The Security Program is governed by an overarching Security Governance Policy that establishes the foundation for information security. The Security Program maintains a set of policies and procedures that are reviewed and approved by Profisee’s Information Security Committee. These policies include:
- Access Control
- Asset Management
- Business Continuity
- Change Management
- Data Classification
- Disaster Recovery
- Incident Response
- Network Management
- Patch Management
- Secure Disposal
- Secure Software Development
- Security Awareness
- Vendor Risk Management
- Vulnerability Management
Profisee carries insurance coverage for cybersecurity.