Enterprise-Grade Security
Rest easy knowing your company's information remains private and secure, thanks to SOC2/Type 2 and HIPAA compliance, and much more.
Built on the top standards in the industry
Our commitment to your security
Comprehensive
We build our product, services, and internal processes with the integrity of your information in mind.
Compliant
We’ve achieved breadth and depth in our compliance programs, adhering to SOC2, HIPAA, GDPR, CCPA, and others.
A constant priority
We’re committed from top-to-bottom to ensuring we meet or exceed security regulations and customer requirements.
FAQs
Yes. Zingtree has been awarded its SOC2/Type2 and HIPAA third-party compliance attestation.
Zingtree’s policies and processes also satisfy the compliance standards for GDPR and CCPA privacy regulations.
Zingtree uses the National Institute of Technology and Standards’ (NIST) risk management standards (RMF)/Cybersecurity Framework (CSF) and the associated security policies and controls, as presented in its SP 800-53, r5.
In support of this privacy framework, Zingtree has developed the requisite policies and processes to be compliant with an array of international and domestic privacy regulations, such as GDPR, CCPA, etc.
These include safeguards surrounding governance, security/privacy compliance, industry best practices, and culture. Zingtree likewise stays proactive on the industry's latest security and privacy challenges and responses, in order to minimize potential exposure.
Yes. In addition to conducting its own internal audits, Zingtree periodically engages qualified third parties to conduct compliance audits, vulnerability scanning, penetration testing, legal compliance reviews, GDPR Article 27 representation, and a variety of other security and privacy services.
Zingtree stores and processes Protected Health Information (PHI) and personal data (including Special Category). Credit card information is handled via a third-party (ie, Stripe).
All information gets transmitted by HTTPS/SSL and/or secure API.
Zingtree has developed and published a comprehensive set of 48 security and privacy policies, which are annually approved by Zingtree's executive management and third-party auditors. All Zingtree's employees are required to annually review and acknowledge these policies.
Yes, Zingtree has implemented comprehensive security and privacy awareness training, including:
– Security/privacy briefings for new hires
– Annual company
-wide security/privacy training
– Periodic company
-wide messages about security
Zingtree is hosted on Amazon Web Services (AWS) in multiple geographic regions including the US East (Northern Virginia) and Europe (Ireland). Security and Compliance is a shared responsibility between AWS and Zingtree. AWS is responsible for the “Security of the Cloud” and Zingtree is responsible for the “Security in the Cloud”. Please see AWS' Shared Responsibility Model.
Yes, Zingtree has implemented a comprehensive disaster recovery program (DRP), which is based on NIST SP 800-34, r1. Moreover, Zingtree conducts a formal business impact analysis (BIA) annually, and periodically tests the DRP for failover and backup/restore performance.
Yes, Zingtree has implemented a comprehensive security incident response (SIR) plan, which is based on NIST SP 800-61, r2.
Yes, Zingtree has implemented a formal change management program, which includes a comprehensive policy that consists of procedures to be followed and documented.
Yes, Zingtree has implemented a comprehensive access control policy, which includes:
– Unique user ID’s
– Role-based assignment of user accounts, with manager and security approval
– Complex passwords and periodic forced changing
– Periodic user entitlement reviews
Want to see
zingtree in action?
Two ways you can learn more today.
Check out our pricing and packages to see if Zingtree might be a good fit for your organization.
Schedule time with our team to get a full breakdown of everything Zingtree can do. Recommended for medium-to-large organizations.