Security & Trust at ZenCentiv
Data protection at the core of our every action
Protecting your source and commission data is paramount to us. We integrate a security-first strategy into every aspect of our product development, internal protocols, and infrastructure design. Our adherence to global standards, such as SOC 2 Type I compliance, along with features like role-based access and meticulous audit logging, reinforces our unwavering commitment to security and trust at ZenCentiv. Count on us to safeguard your data, empowering you to focus on optimizing your incentive compensation program with peace of mind.
We prioritize account security with multi-factor authentication and encrypted data storage. Continuous monitoring swiftly detects and addresses any threats. Your sensitive information is safeguarded, ensuring trust in our platform.
Secure 256-bit AES and SSL/TLS encryption technology keeps your data safe from harm during data transfer and at rest.
We keep our systems safe from bad actors with vulnerability testing and enterprise detection and response capabilities.
ZenCentiv is built on Amazon Web Services (AWS), ensuring high performance and availability for your peace of mind.
ZenCentiv safeguards against disasters with secure, redundant backups and proactive, regularly updated recovery plans, ensuring rapid data restoration and service continuity.
Regular penetration testing is conducted by an independent third-party provider to continuously enhance and validate our security infrastructure.
The availability of the app is ensured through redundant infrastructure, proactive monitoring, and rapid response mechanisms, guaranteeing uninterrupted access for users and minimizing downtime.
ZenCentiv enables Single Sign-On (SSO) and multi-factor authentication to provide secure, seamless product access. In addition, all application traffic is over HTTPS.
ZenCentiv respects your privacy and ownership of your data. Access to the data is continually restricted and audited.
Here are a few methods we use to safeguard your data:
We maintain a documented information privacy, security and risk management program with clearly defined roles, responsibilities, policies, and procedures. Our program is founded on industry standards such as SOC 2 Type 1 (Information Security Management) and SOC 2 Type 2 (in progress).
We regularly review and modify our security program to reflect changing technology, regulations, laws, risk, industry and security practices and other business needs.
Security Organization and Management
We prioritize security and accountability in our operations. Our robust security management structure is meticulously crafted to:
We've designated an Information Security Officer who works closely with business managers, users, IT personnel, and other stakeholders to ensure everyone fulfills their information security obligations.
Role and Responsibilities
We uphold stringent measures to ensure the integrity and confidentiality of all information processing activities. We have established precise roles and responsibilities encompassing the management and oversight of operational systems, administration and maintenance of communication networks, and the development of innovative systems. Notably, we maintain a clear separation of roles and access rights between computer operators, system administrators, and network/systems development staff. Furthermore, we have implemented robust procedures to:
We prioritize role-based security and cultivate a culture of security awareness. It is mandatory for all active employees and contractors to undergo comprehensive security awareness training. Additionally, employees holding specific roles receive enhanced data security training to ensure they possess the necessary skills and knowledge to safeguard sensitive information effectively.
We implement industry-standard firewall technologies and employ procedures to effectively manage firewall rules and their alterations, ensuring robust access control mechanisms. Additionally, we strictly segregate informational resources utilized for production from those allocated for systems development or acceptance testing, bolstering security and minimizing potential risks.
We utilize the latest software and protocols to detect and prevent the spread of viruses and malicious code within our internal computing environments, specifically tailored to support the development and delivery of our hosted applications.
We rely on industry-standard encrypted transport protocols, with a minimum Transport Layer Security (TLS) v1.2, to secure data while in transit across untrusted networks. Additionally, we employ Advanced Encryption Standard (AES) 256 encryption, or an equivalent algorithm, to encrypt data at rest, ensuring robust protection of sensitive information.
We maintain comprehensive monitoring systems for applications, databases, networks, and resources to swiftly identify vulnerabilities and safeguard our applications. Before release, our solutions undergo thorough internal vulnerability testing to ensure optimal security measures are in place.
Annually, we enlist third-party security specialists to conduct vulnerability and penetration testing on our systems, ensuring robust defenses against potential threats. Additionally, our internet-facing systems undergo regular vulnerability scans to proactively identify and address any security weaknesses.
To mitigate the risk of business disruption, our solutions are engineered to eliminate single points of failure. We maintain formal documentation of recovery processes, which can be activated in case of a significant business disruption affecting both our corporate IT infrastructure and customer data processing infrastructure. Regular testing, conducted at least annually, ensures the effectiveness and reliability of these recovery processes.
In addition to disaster recovery measures, we implement redundant configurations in our solutions to minimize service interruptions in the event of a single data center disaster. Continuous monitoring allows us to detect and address any signs of failure or impending failure, enabling preemptive action to minimize or prevent downtime effectively.
We adhere to industry-standard software development lifecycle processes and controls to govern the development of our software, encompassing updates, upgrades, and patches. Our rigorous process incorporates secure software development practices and thorough application security analysis and testing to ensure the integrity and resilience of our solutions.
We've established and implemented a comprehensive security architecture to safeguard our information resources effectively. This architecture encompasses a set of meticulously defined security mechanisms and standards to ensure: