Trust & Security

We believe in "Security First". That means combining enterprise-class security features with comprehensive audits of our applications, systems, and networks to ensure the protection of our customer and business data.
  • Privacy & Security Governance

    Our Enterprise Security, Risk, and Compliance team sets and maintains a high standard of Privacy and Security to protect our clients' data. Executive leadership is actively involved, and each employee understands their responsibility within our Privacy and Security program. We believe in security first and have the resources in place to support it.

  • Compliance Certifications & Memberships

    Security isn't just saying you're secure, it's proving it. We have several external reviews throughout the year that hold us to the high bar we've set for ourselves. We continually focus on best practices and maintain relationships with various organizations to keep our skills sharp and ahead of the curve in the evolving Privacy and Security landscape.

  • Application Security

    Security is built into our application throughout the software development lifecycle. We will configure our application to meet a client’s security needs, and our role-based access supports both minimum requirements and segregation of duties.

  • Data Center & Network Security

    PrecisionLender is hosted within Microsoft Azure’s cloud of geographically distributed Data Centers to ensure data sovereignty requirements are met. Each facility operates 24x7x365 and is designed to protect operations from power failures, physical intrusions, and network outages.

Why does all this security matter?

Learn more about the sales and negotiation solution we work so hard to protect.

Privacy & Security Governance

Security Policies

A suite of Security policies and procedures exists to ensure our high level of standards is communicated and applied consistently.

Privacy Policy

The PrecisionLender Privacy Policy is posted online.

Privacy & Security

The Enterprise Security, Risk, and Compliance team evaluates applicable regulatory and contractual requirements to ensure compliance is ingrained throughout all levels of our organization.

Risk Assessment

A thorough risk assessment process is in place to discover, correct, and prevent security issues.

New Hire Vetting

Background verification checks are performed on all new employees and credential verification is performed for applicable employees.

Training

All new hires are required to complete a training curriculum which is in place to raise awareness of our policies and procedures and trends in Privacy and Security. The security training program is refreshed annually, and all current employees are required to complete it.

Compliance Certifications & Memberships

AICPA SOC - SOC for Service Organizations

SOC 2 Type II audit for Security and Confidentiality for our software platform.

Certifications & External Audits
SOC 2, Type II

An annual audit by an external auditor against the AICPA's Security and Confidentiality Trust Services Criteria for our software platform.

Privacy Shield

We have certified our services under the EU-U.S. Privacy Shield Framework. For confirmation of our current status, refer to the Privacy Shield List.

Penetration Test

A third-party vendor is engaged to perform an annual penetration test.

Memberships
Cloud Security Alliance

PrecisionLender is a member of the Cloud Security Alliance (CSA), a member-driven organization chartered with promoting the use of best practices for providing security assurance within cloud computing.

Other Professional Affiliations

Our Enterprise Security, Risk, and Compliance team is composed of professionals who continually strive for advanced certification and maintain affiliation with numerous organizations, including:

  • ISACA
  • ISC2
  • EC-Council
  • AICPA
  • IIA
  • IAPP

Application Security

Access Control

Users must authenticate to PrecisionLender using a valid user ID and associated password. Our security architecture requires that each request to PrecisionLender is accompanied by user identity credentials to ensure segregation of client data.

Role-Based Access

Role-based access is used to ensure that access is granted based on a user's roles and responsibilities. This supports the strategy of minimum necessary access and segregation of duties.

Single Sign-On

Clients can authenticate users via their own SAML 2.0 identity providers, such as ADFS and Ping Identity.

IP Restrictions

PrecisionLender has client-configurable settings to restrict access to specific IP addresses.

Security Log

Clients have access to an internal security audit trail detailing successful and failed login attempts as well as all changes to settings that may impact security.

Change Control

PrecisionLender has a formal change management process which requires changes to undergo peer review and successfully pass a suite of automated tests before being implemented in production. Changes are 100% backwards compatible to limit disruption to the business, and with a refresh of the browser, users are always on the most current version.

System Availability

We continuously monitor the status of PrecisionLender and all its related services. If there are any interruptions in service, a note will be posted at https://status.precisionlender.com/ and clients may subscribe to receive alerts.

Data Center & Network Security

Data Center Overview

PrecisionLender is entirely hosted within the Microsoft Azure Platform-as-a-Service (PaaS) data centers where security is integrated into every aspect of the environment.

Data Sovereignty

To support clients with specific data sovereignty requirements, Microsoft Azure has Data Centers around the globe. PrecisionLender can provide local instances of the application to support each client's unique data sovereignty requirements.

Data Redundancy

All databases are protected with Azure's real-time automated backup system, allowing for Point-In-Time (PIT) restore. Additionally, databases are geo-replicated in real time to a secondary Microsoft Azure Data Center to allow for failover if required.

Network Security

Our network is protected by best-in-class firewall and router technology, TLS encryption, and a network intrusion detection system that monitors and proactively blocks malicious traffic and other undesirables.

Vulnerability Management

We use industry-recognized, third-party security firms, enterprise-class security scanning solutions, and custom in-house tools to regularly analyze the application and production infrastructure to ensure that vulnerabilities are identified, classified, and remediated appropriately.

Data Encryption in Transit

All communications between our clients and PrecisionLender are encrypted using industry-standard TLS.

Data Encryption at Rest

We leverage Azure SQL Transparent Data Encryption (TDE) to encrypt all databases at rest.

Looking for more information?

Contact us to discuss your trust and security requirements.