Security Software Tool
Take a look at some of the most frequently asked questions about our security approach.
What is Syniti’s commitment to security?
- As a data management company, Syniti puts security first. As such, Syniti is ISO 27001:2013 certified and is pursuing SOC 2 certification for our data management platform. Keeping our customers’ data secure is a top priority.
Does Syniti adhere to industry standards for information security?
- Absolutely. Syniti is ISO 27001:2013 certified, and Syniti’s security program additionally incorporates guidance from other industry-leading best practices like NIST and CIS.
What does Syniti do to ensure its staff are up-to-date with Information Security best practices?
- Syniti requires all employees, contractors, and subcontractors to complete annual security awareness training at a minimum. Additional opportunities for awareness occur through events such as Cybersecurity Awareness Month, phishing campaigns, and corporate communications on important security topics and news.
How do you protect and isolate our customer systems & data at rest and in transit?
- Systems and data are isolated from all other Syniti operational systems, end users, and developers in an isolated cloud operations hosting environment. Access is restricted to cloud operations administrators and indirectly to consultants who are working with the customer to facilitate migrations and other business-driven actions.
- Tenants have their own isolated environments with no access to or from any other customer environment.
- Customer data transferred in or out of the cloud operations environment to the customer is encrypted in transit.
- Systems have data encrypted at rest at the disk level.
- Access to customer environments by cloud operations administrators occurs through a secure web portal, mitigating most concerns related to the security posture of Syniti laptops, desktops, mobile devices, wireless, etc.
Is your infrastructure SOC 2 compliant?
- Syniti partners with well-known global IaaS Hyperscalers who maintain SOC 2 compliance.
What endpoint security do you implement for customer systems themselves?
- We operate host-based firewalls, EDR software and other protections ensuring:
  - Validated software is installed and running
  - Validated processes are running on customer systems
  - Virus & malware assessments of customer systems are current and accurate
  - Host-based firewalls
How do you track and respond to security incidents?
- Syniti cloud operations maintains a 24×7 NOC built around a SIEM solution for aggregating and correlating security events and identifying actionable security incidents.
Is customer data backed up?
- All customer data is backed up daily.
Does Syniti encrypt my data?
- Yes. Both in transit, enforcing https, and at rest in the database using AES256 encryption. We also support SQL Server Transparent Data Encryption (TDE).
Do you review your applications for security vulnerabilities?
- Throughout our Software Development Lifecycle (SDLC), we scan the code for security vulnerabilities using independent 3rd-party static and dynamic scanning tools, and any significant issues are resolved prior to release.
Does your application support Multi-Factor Authentication?
- We support Single Sign On (SSO), where the application delegates user authentication to the customer’s corporate Identity Provider. In this way, the customer directly controls who has access to the Syniti application using their established user authentication policies and procedures.
Do you use industry standards (i.e. OWASP Software Assurance Maturity Model, ISO 27034) to build in security for your Systems/Software Development Lifecycle (SDLC)?
- Syniti information privacy and security governance and the SDLC process are aligned with the International Organization for Standardization (ISO) 27001 and 27002 security standards and the National Institute of Standards and Technology (NIST) Special Publications 800 Series. The Syniti secure SDLC program follows the guidelines set by the OWASP Framework.
What is the uptime SLA for your SaaS products?
- We ensure an uptime of 99.5%.
How often do you release updates to the software?
- Our SaaS products follow a CI/CD model where changes are deployed to production as soon as they have passed all of our SDLC checkpoints.
- Our on-premise software is released on the following frequency:
  - Service Packs – every 4-6 weeks
  - Minor versions – every calendar quarter
  - Major versions – every 1-2 years