Enterprise-Grade Security

Rest easy knowing your company's information remains private and secure.

Built on the top standards in the industry.


Our commitment to your security.

Comprehensive

We build our product, services, and internal processes with the integrity of your information in mind.

Compliant

We’ve achieved breadth and depth in our compliance programs, adhering to SOC2, HIPAA, GDPR, CCPA, and others.

A constant priority

We’re committed from top to bottom to ensuring we meet or exceed security regulations and customer requirements.

FAQs

Is Zingtree compliant with industry standard security and privacy regulations?

Yes. Zingtree is currently SOC2/Type 1 compliant and is actively pursuing its SOC2/Type 2 and HIPAA compliance, which is on schedule to be awarded by a third-party auditor by the end of Q2 2021. 

Zingtree’s policies and processes also satisfy the compliance standards for GDPR and CCPA privacy regulations. 

Does Zingtree base its security program on a reputable industry standard?

Zingtree’s safeguards follow the National Institute of Standards and Technology’s (NIST) risk management standards (RMF)/Cybersecurity Framework (CSF) and the associated security policies and controls, as presented in its SP 800-53, r5.

Does Zingtree do third-party security and privacy assessments, such as penetration testing?

Yes. In addition to conducting its own internal audits, Zingtree periodically engages qualified third parties to conduct compliance audits, vulnerability scanning, penetration testing, legal compliance reviews, GDPR Article 27 representation, and a variety of other security and privacy services.

What type of information does Zingtree store and process, and how sensitive is it?

Zingtree stores and processes Protected Health Information (PHI) and personal data (including Special Category). Credit card information is handled via a third party (i.e., Stripe).

How does Zingtree transmit information?

All information gets transmitted by HTTPS/SSL and/or secure API.

Does Zingtree have a designated Security/Privacy official?

Yes, Zingtree has appointed Mark R. Beckmeyer, D.Sc., CISSP as the Senior Director, Security/Privacy. Mark has over 30 years of experience in information assurance, has earned a D.Sc. (Doctor of Science) in cybersecurity, MA (Master of Arts) in Security Management, is an active member of ISC2's (Information System Security Certification Consortium) Northern Virginia Chapter, and is a CISSP (Certified Information Systems Security Professional).

What security and privacy policies has Zingtree enacted?

Zingtree has developed and published a comprehensive set of 48 security and privacy policies, which are annually approved by Zingtree's executive management and third-party auditors. All Zingtree employees are required to annually review and acknowledge these policies.

Does Zingtree have a security awareness training program?

Yes, Zingtree has implemented comprehensive security and privacy awareness training, including: 
– Security/privacy briefings for new hires
– Annual company-wide security/privacy training
– Periodic company-wide messages about security

Where is Zingtree’s data center and who runs it?

Zingtree’s entire IT environment is hosted in a virtual private cloud (VPC) by Amazon Web Services (AWS). The AWS data center is physically located in the United States.

Is there a Disaster Recovery Program?

Yes, Zingtree has implemented a comprehensive disaster recovery program (DRP), which is based on NIST SP 800-34, r1. Moreover, Zingtree conducts a formal business impact analysis (BIA) annually, and periodically tests the DRP for failover and backup/restore performance. 

Does Zingtree have a security incident response program?

Yes, Zingtree has implemented a comprehensive security incident response (SIR) plan, which is based on NIST SP 800-61, r2. 

Does Zingtree have a change management program?

Yes, Zingtree has implemented a formal change management program, which includes a comprehensive policy that consists of procedures to be followed and documented. 

Is there an access control policy?

Yes, Zingtree has implemented a comprehensive access control policy, which includes: 
– Unique user IDs
– Role-based assignment of user accounts, with manager and security approval
– Complex passwords and periodic forced changing
– Periodic user entitlement reviews
