We are committed to providing a robust and secure service that protects our customers’ data.
Diligent’s Security Program is governed based on NIST Cybersecurity Framework and Diligent follows ISO/IEC 27001 standards to keep information assets secureby implementing an Information Security Management System (ISMS).
Frequently Asked Questions
-
What type of security and controls are in place for data centers and sub service organizations?
Our system control environment is designed to provide confidentiality, availability, and integrity for our SaaS offerings. Controls that are audited at least annually under SSAE-18 include:
- Data Protection
- Access Control/Logical
- Access Change Management
- Data Security
- Backup and Recovery
- Incident Management
These controls and supporting policies provide us and our customers with operational assurance.
-
Is a SOC audit report available?
Yes, we have current SOC 2 reports for specific products prepared by third-party auditors. The reports are comprehensive assessments of the internal controls and information security related to our service.
Upon request and subject to customer’s execution of our standard non-disclosure agreement (NDA), we will provide a copy of a current SOC 2 report.
-
Do you conduct vulnerability assessments and penetration tests?
In addition to internal security testing, we use third-party independent penetration testing to assess our service for security vulnerabilities. These tests are performed by an organizations specializing in software security, and are used to probe our environment for vulnerabilities and OWASP Top 10 web application risks, such as:
- Cross-site scripting
- SQL Injection
- Session and cookie management
- API abuse
- Denial of service
We ensure exploitable vulnerabilities are resolved in a timely fashion based on severity and impact. Subject to an NDA, we can provide a copy of the most recent penetration test.
-
What type of security and controls does Diligent have in place?
Our system control environment is designed to provide confidentiality, availability, and integrity for our SaaS offerings. Controls that are audited at least annually under SSAE-18 include:
- Data Protection
- Access Control/Logical
- Access Change Management
- Data Security
- Backup and Recovery
- Incident Management
These controls and supporting policies provide us and our customers with operational assurance.
-
Where will my data be stored?Systems that rely on our IaaS provider are available in regions in the United States, Canada, Europe, Australia, South Africa, South America, and Asia. Systems that rely on our colocation data centers are available in United States, United Kingdom, Canada, Germany, and Australia to provide options for where data is stored and to help our customers comply with data privacy location requirements.
-
How do you protect Personally Identifiable Information (PII)?
PII is limited by our customer subscription agreements, sub service organization agreements, corresponding controls, and segregation built into our SaaS design.
This ensures that any PII is isolated and protected in the system and that each customer has access to its data only
-
Who will have ownership of my data?You will continue to retain all rights over your data and we will not use your data except for the purpose of providing the services in your subscription.