We believe in "Security First". That means combining enterprise-class security features with comprehensive audits of our applications, systems, and networks to ensure the protection of our customer and business data.
Our Trust and Security team sets and maintains a high standard of Privacy and Security to protect our clients' data. Executive leadership is actively involved, and each employee understands their responsibility within our Privacy and Security program. We believe in security first and have the resources in place to support it.
Security isn't just saying you're secure; it's proving it. We have several external reviews throughout the year that hold us to the high bar we've set for ourselves. We continually focus on best practices and maintain relationships with various organizations to keep our skills sharp and ahead of the curve in the evolving Privacy and Security landscape.
Security is built into our application throughout the software development lifecycle. We will configure our application to meet a client’s security needs, and our role-based access supports both minimum requirements and segregation of duties.
PrecisionLender is hosted within Microsoft Azure’s cloud of geographically distributed Data Centers to ensure data sovereignty requirements are met. Each facility operates 24x7x365 and is designed to protect operations from power failures, physical intrusions, and network outages.
Learn more about the sales and negotiation solution we work so hard to protect.
|Privacy and Security Governance|
|Security Policies||A suite of security policies and procedures exists to ensure our high standards are communicated and applied consistently.|
|Privacy & Security||The Trust and Security team evaluates applicable regulatory and contractual requirements to ensure compliance is ingrained throughout all levels of our organization.|
|Risk Assessment||A thorough risk assessment process is in place to discover, correct, and prevent security issues.|
|New Hire Vetting||Background verification checks, drug screening, and credit checks are performed on all new employees, and credential verification is performed for applicable employees.|
|Training||All new hires are required to complete a training curriculum which is in place to raise awareness of our policies and procedures and trends in Privacy and Security. The training program is refreshed annually, and all current employees are required to complete it.|
SOC 2 Type II Audit for Security and Confidentiality for our software platform.
ISO/IEC 27001:2013 Certification for our Information Security Management System.
AT-C 105 & AT-C 205 Audit to assess the suitability of design of controls for our software engine.
|Certifications & External Audits|
|ISO 27001:2013||Certified by Schellman for our Information Security Management System (ISMS)|
|SOC 2, Type II||An annual audit by an external auditor related to the AICPA's Security and Confidentiality Trust Services Criteria for our software platform|
|AT-C 105 & AT-C 205||An annual audit by an external auditor to assess the suitability of the controls for our software engine|
|Privacy Shield||We have certified our services under the EU-U.S. Privacy Shield Framework. For confirmation of our current status, refer to the Privacy Shield List.|
|Penetration Test||A third-party vendor is engaged to perform an annual penetration test|
|Cloud Security Alliance||PrecisionLender is a member of the Cloud Security Alliance (CSA), a member-driven organization chartered with promoting the use of best practices for providing security assurance within Cloud Computing.|
|Other Professional Affiliations|
Our Trust and Security team is comprised of professionals who continually strive for advanced certification and maintain affiliation with numerous organizations including:
|Access Control||Users must authenticate to PrecisionLender using a valid user ID and associated password. Our security architecture ensures that each request to PrecisionLender is accompanied by user identity credentials to ensure segregation of client data.|
|Role-Based Access||Role-based access is utilized to ensure that access is granted based upon a user's roles and responsibilities. This supports the strategy of minimum necessary access and segregation of duties.|
|Single Sign-On||Clients have the ability to authenticate users via their own SAML 2.0 Identity Providers such as ADFS and Ping Identity.|
|IP Restrictions||PrecisionLender has client-configurable settings to restrict access to specific IP addresses.|
|Security Log||Clients have access to an internal security audit trail detailing successful and failed login attempts as well as all changes to settings that may impact security.|
|Change Control||PrecisionLender has a formal change management process which requires changes to undergo peer reviews and successfully pass a suite of automated tests prior to being implemented in production. Changes are 100% backwards compatible to limit disruption to the business, and with a refresh of the browser, users are always on the most current version.|
|System Availability||We continuously monitor the status of PrecisionLender and all its related services. If there are any interruptions in service, a note will be posted at https://status.precisionlender.com/ and clients may subscribe to receive alerts.|
|Data Center & Network Security|
|Data Center Overview|
PrecisionLender is entirely hosted within the Microsoft Azure Platform-as-a-Service (PaaS) data centers where security is integrated into every aspect of the environment.
To support clients with specific data sovereignty requirements, Microsoft Azure has Data Centers around the globe. PrecisionLender can provide local instances of the application to support each client's unique data sovereignty requirements.
All databases are protected with Azure's real-time automated backup system allowing for Point-In-Time (PIT) restore. Additionally, databases are geo-replicated in real-time to a secondary Microsoft Azure Data Center to allow for fail-over if required.
Our network is protected by best-in-class firewall and router technology, TLS encryption, and a network intrusion detection system that monitors and proactively blocks malicious traffic and other undesirables.
We use industry-recognized, third-party security firms, enterprise-class security scanning solutions, and custom in-house tools to regularly analyze the application and production infrastructure to ensure that vulnerabilities are identified, classified, and remediated appropriately.
|Data Encryption in Transit|
All communications between our clients and PrecisionLender are encrypted using industry standard TLS.
|Data Encryption at Rest|
We leverage Azure SQL Transparent Data Encryption (TDE) to encrypt all databases at rest.
Contact us to discuss your trust and security requirements.