Security Information
Our Commitment to Your Security
We take Security & Privacy Seriously
- Inflectra's cloud platform is SOC2 Type 2 certified.
- Encrypted data in transit using TLS 1.2
- Encrypted data at rest using AES-256
- Multi-Factor Authentication (MFA)
- External penetration testing
Compliance with Industry Standards
SOC 2
Inflectra's cloud platform (both application and infrastructure) is SOC2 Type 2 certified, externally audited annually.
PCI-DSS
Inflectra's website and payment systems are PCI-DSS certified, with required quarterly vulnerabilty scans.
EU GDPR
Inflectra complies with the standards and best practices of the EU General Data Protection Regulation (GDPR).
Cloud Platform
We take the security and privacy of the Inflectra cloud platform seriously:
- Inflectra SOC2 and PCI-DSS certified hosting
- AWS cloud platform ISO27001 certified with biometric access control
- Encrypted data in transit using Secure Sockets Layer (TLS 1.2)
- Encrypted data at rest using encrypted AWS EBS volumes (AES-256)
- Multi-level redundant firewalls (perimeter and between servers)
- Multi-Factor Authentication (MFA) and Single Sign On (SSO)
- Antivirus, anti-spyware and cloud security software on all instances
Company
We practice what we preach internally. Inflectra maintains the highest levels of company security:
- Compliant with EU GDPR and US-EU Data Privacy Framework
- HIPAA-compliant for storage of PHI information
- Penetration testing performed by independent third-party
- Security awareness training for all IT and support staff
- Annual third-party audits for SOC2 Type 2, ISO27001, and ISO9001
- Information security program managed by Inflectra Security Team (IST)
- Early threat detection from subscription sources and DEFCON attendance
- Software development complies with OWASP best practices
- Responsible disclosure program to identify zero-day threats