Menu

Trust & Security

We believe in "Security First". That means combining enterprise-class security features with comprehensive audits of our applications, systems, and networks to ensure the protection of our customer and business data.

Img Icon 5
Privacy & Security Governance

Our Trust and Security team sets and maintains a high standard of Privacy and Security to protect our client's data. Executive leadership is actively involved, and each employee understands their responsibility within our Privacy and Security program. We believe in security first and have the resources in place to support it.

Learn more

Img Icon 6
Compliance Certifications & Memberships

Security isn't just saying you're secure, it's proving it. We have several external reviews throughout the year that hold us to the high bar we've set for ourselves. We continually focus on best practices and maintain relationships with various organizations to keep our skills sharp and ahead of the curve in the evolving Privacy and Security landscape.

Learn more

Img Icon 7
Application Security

Security is built into our application throughout the software development lifecycle. We will configure our application to meet a client’s security needs, and our role-based access supports both minimum requirements and segregation duties.

Learn more

Img Icon 8
Data Center & Network Security

PrecisionLender is hosted within Microsoft Azure’s cloud of geographically distributed Data Centers to ensure data sovereignty requirements are met. Each facility operates 24x7x365 and is designed to protect operations from power failures, physical intrusions, and network outages.

Learn more

Why does all this security matter?

Learn more about our sales and negotiation solution we work so hard to protect.

Lean about our solution

Img Icon 5

Privacy & Security Governance

Privacy and Security Governance
Security PoliciesA suite of Security policies and procedures exist to ensure our high level of standards is communicated and applied consistently.
Privacy PolicyThe PrecisionLender Privacy Policy is posted online.
Privacy & SecurityThe Trust and Security team evaluates applicable regulatory and contractual requirements to ensure compliance is ingrained throughout all levels of our organization.
Risk AssessmentA thorough risk assessment process is in place to discover, correct, and prevent security issues.
New Hire VettingBackground verification checks, drug screening, and credit checks are performed on all new employees and credential verification for applicable employees.
TrainingAll new hires are required to complete a training curriculum which is in place to raise awareness of our policies and procedures and trends in Privacy and Security. The training program is refreshed annually, and all current employees are required to complete it.
Img Icon 6 Alt

Compliance Certifications & Memberships

Aicpa Soc Logo

SOC2 Type II Audit for Security and Confidentiality for our software platform.

Iso Logo

ISO/IEC 27001:2013 Certification for our Information Security Management System.

Aicpa Soc Logo

AT-C 105 & AT-C 205 Audit to assess the suitability of design of controls for our software engine.

Certifications & External Audits
ISO 27001:2013Certified by Schellman for our Information Security Management System (ISMS)
SOC 2, Type IIAn annual audit by an external auditor related to the AICPA's Security and Confidentiality Trust Services Criteria for our software platform
AT-C 105 & AT-C 205An annual audit by an external auditor to assess the suitability of the controls for our software engine
Penetration TestA third-party vendor is engaged to perform an annual penetration test
Memberships
Cloud Security AlliancePrecisionLender is a member of the Cloud Security Alliance (CSA) which is a member-driven organization, chartered with promoting the use of best practices for providing security assurance within Cloud Computing.
Other Professional Affiliations

Our Trust and Security team is comprised of professionals who continually strive for advanced certification and maintain affiliation with numerous organizations including:

  • ISACA
  • ISC2
  • InfraGard
  • EC-Council
  • International Association of Privacy Professionals (IAPP)
Img Icon 7

Application Security

Application Security
Access ControlUsers must authenticate to PrecisionLender using a valid user ID and associated password. Our security architecture ensures that each request to PrecisionLender is accompanied by user identity credentials to ensure segregation of client data.
Role Based AccessRole based access is utilized to ensure that access is granted based upon a user's roles and responsibilities. This supports the strategy of minimum necessary access and segregation of duties.
Single Sign-OnClients have the ability to authenticate users via their own SAML 2.0 Identity Providers such as ADFS and Ping Identity.
IP RestrictionsPrecisionLender has client-configurable settings to restrict access to specific IP addresses.
Security LogClients have access to an internal security audit trail detailing successful and failed login attempts as well as all changes to settings that may impact security.
Change ControlPrecisionLender has a formal change management process which requires changes to undergo peer reviews and successfully pass a suite of automated tests prior to being implemented in production. Changes are 100% backwards compatible to limit disruption to the business and with a refresh of the browser, users are always on the most current version.
System AvailabilityWe continuously monitor the status of PrecisionLender and all its related services. If there are any interruptions in service, a note will be posted at https://status.precisionlender.com/ and clients may subscribe to receive alerts.
Img Icon 8 Alt

Data Center & Network Security

Data Center & Network Security
Data Center Overview

PrecisionLender is entirely hosted within the Microsoft Azure Platform-as-a-Service (PaaS) data centers where security is integrated into every aspect of the environment.

Data Sovereignty

To support clients with specific data sovereignty requirements, Microsoft Azure has Data Centers around the globe. PrecisionLender can provide local instances of the application to support each client's unique data sovereignty requirements.

Data Redundancy

All databases are protected with Azure's real-time automated backup system allowing for Point-In-Time (PIT) restore. Additionally, databases are geo-replicated in real-time to a secondary Microsoft Azure Data Center to allow for fail-over if required.

Network Security

Our network is protected by best-in-class firewall and router technology, TLS encryption, and a network intrusion detection system that monitors and proactively blocks malicious traffic and other undesirables.

Vulnerability Management

We use industry-recognized, third-party security firms, enterprise-class security scanning solutions, and custom in- house tools to regularly analyze the application and production infrastructure to ensure that vulnerabilities are identified, classified, and remediated appropriately.

Data Encryption in Transit

All communications between our clients and PrecisionLender are encrypted using industry standard TLS.

Data Encryption at Rest

We leverage Azure SQL Transparent Data Encryption (TDE) to encrypt all databases at rest.

Looking for more information?

Contact us to discuss your trust and security requirements.

Contact us