Security and Trust at ZenCentiv

Data protection at the core of our every action

Protecting your source and commission data is paramount to us. We integrate a security-first strategy into every aspect of our product development, internal protocols, and infrastructure design. 

Our adherence to global standards, such as SOC 2 Type I compliance, along with features like role-based access and meticulous audit logging, reinforces our unwavering commitment to security and trust at ZenCentiv. 

Count on us to safeguard your data, empowering you to focus on optimizing your incentive compensation program with peace of mind.

accurate pay statements and commission payouts
Background - Hero

Security

Account security

We prioritize account security with multi-factor authentication and encrypted data storage. Continuous monitoring swiftly detects and addresses any threats. Your sensitive information is safeguarded, ensuring trust in our platform.

Encryption

Secure 256-bit AES and SSL/TLS encryption technology keeps your data safe from harm during data transfer and at rest.

Data breach security

We keep our systems safe from bad actors, with vulnerability testing, and enterprise detection and response capabilities.

Reliability

ZenCentiv is built on Amazon Web Services (AWS), ensuring high performance and availability for your peace of mind.

Disaster Recovery

ZenCentiv safeguards against disasters with secure, redundant backups and proactive, regularly updated recovery plans, ensuring rapid data restoration and service continuity.

Regular Pen Testing

Regular penetration testing is conducted by an 3rd party independent provider to continuously enhance and validate our security infrastructure.

Availability

The availability of the app is ensured through redundant infrastructure, proactive monitoring, and rapid response mechanisms, guaranteeing uninterrupted access for users and minimizing downtime.

Secure product access

ZenCentiv enables Single Sign On (SSO) and multi-factor authentication to provide secure, seamless product access. In addition, all application traffic is over HTTPS.

Stringent privacy policy

ZenCentiv respects your privacy and ownership of your data. Access to the data is continually restricted and audited.

Trust

Here are a few methods we use to safeguard your data.

Safeguards

Practices

Procedural

We maintain a documented information privacy, security and risk management program with clearly defined roles, responsibilities, policies, and procedures. Our program is founded on the industry standards such as Information Security Management SOC 2 Type 1 and SOC 2 Type 2 (In-progress)

We regularly review and modify our security program to reflect changing technology, regulations, laws, risk, industry and security practices and other business needs.

Organizational

Security Organization and Management

We prioritize security and accountability in our operations. Our robust security management structure is meticulously crafted to:

  • streamline information security processes,
  • provide clear points of contact for addressing security concerns,
  • continually assess the efficacy of our security measures,
  • uphold rigorous security standards

We’ve designated an Information Security Officer who works closely with business managers, users, IT personnel, and other stakeholders to ensure everyone fulfills their information security obligations.

Personnel

Role and Responsibilities

We uphold stringent measures to ensure the integrity and confidentiality of all information processing activities. We have established precise roles and responsibilities encompassing the management and oversight of operational systems, administration and maintenance of communication networks, and the development of innovative systems. Notably, we maintain a clear separation of roles and access rights between computer operators, system administrators, and network/systems development staff. Furthermore, we have implemented robust procedures to:

  • Vigilantly supervise information processing activities.
  • Mitigate the potential risks associated with unauthorized or erroneous actions.
  • Conduct thorough screening procedures for individuals applying for security-sensitive positions.

Training

We prioritize role-based security and cultivate a culture of security awareness. It is mandatory for all active employees and contractors to undergo comprehensive security awareness training. Additionally, employees holding specific roles receive enhanced data security training to ensure they possess the necessary skills and knowledge to safeguard sensitive information effectively.

Network Communications and Systems Management

Firewalls

We implement industry-standard firewall technologies and employ procedures to effectively manage firewall rules and their alterations, ensuring robust access control mechanisms. Additionally, we strictly segregate informational resources utilized for production from those allocated for systems development or acceptance testing, bolstering security and minimizing potential risks.

Antivirus/Antimalware Management

We utilize the latest software and protocols to detect and prevent the spread of viruses and malicious code within our internal computing environments, specifically tailored to support the development and delivery of our hosted applications.

Encryption

We rely on industry-standard encrypted transport protocols, with a minimum Transport Layer Security (TLS) v1.2, to secure data while in transit across untrusted networks. Additionally, we employ Advanced Encryption Standard (AES) 256 encryption, or an equivalent algorithm, to encrypt data at rest, ensuring robust protection of sensitive information.

Vulnerability and Penetration Testing

We maintain comprehensive monitoring systems for applications, databases, networks, and resources to swiftly identify vulnerabilities and safeguard our applications. Before release, our solutions undergo thorough internal vulnerability testing to ensure optimal security measures are in place.

Annually, we enlist third-party security specialists to conduct vulnerability and penetration testing on our systems, ensuring robust defenses against potential threats. Additionally, our internet-facing systems undergo regular vulnerability scans to proactively identify and address any security weaknesses.

Business Continuity and Disaster Recovery

To mitigate the risk of business disruption, our solutions are engineered to eliminate single points of failure. We maintain formal documentation of recovery processes, which can be activated in case of a significant business disruption affecting both our corporate IT infrastructure and customer data processing infrastructure. Regular testing, conducted at least annually, ensures the effectiveness and reliability of these recovery processes.

In addition to disaster recovery measures, we implement redundant configurations in our solutions to minimize service interruptions in the event of a single data center disaster. Continuous monitoring allows us to detect and address any signs of failure or impending failure, enabling preemptive action to minimize or prevent downtime effectively.

Software Development Lifecycle

We adhere to industry-standard software development lifecycle processes and controls to govern the development of our software, encompassing updates, upgrades, and patches. Our rigorous process incorporates secure software development practices and thorough application security analysis and testing to ensure the integrity and resilience of our solutions.

Security Architecture

We’ve established and implemented a comprehensive security architecture to safeguard our information resources effectively. This architecture encompasses a set of meticulously defined security mechanisms and standards to ensure:

  • Adequate protection for various information resources, each requiring different levels of security.
  • Secure transmission of information within and across technical environments.
  • Efficient and authorized access for users to information resources across different technical environments.
  • Prompt revocation of access privileges for individual users upon their departure or job change.

Furthermore, we maintain an up-to-date inventory of critical information assets and associated applications. We conduct thorough information security risk assessments whenever there are significant changes in our business or technology practices that could impact the privacy, confidentiality, security, integrity, or availability of data. This ensures proactive mitigation of potential risks and reinforces our commitment to maintaining a secure environment for our stakeholders.