Rest easy knowing your company's information remains private and secure.
Built on the top standards in the industry.
Our commitment to your security.
We build our product, services, and internal processes with the integrity of your information in mind.
We’ve achieved breadth and depth in our compliance programs, adhering to SOC2, HIPAA, GDPR, CCPA, and others.
A constant priority
We’re committed from top-to-bottom to ensuring we meet or exceed security regulations and customer requirements.
Yes. Zingtree is currently SOC2/Type 1 compliant and is actively pursuing its SOC2/Type 2 and HIPAA compliance, which is on schedule to be awarded by a third-party auditor by the end of Q2 2021.
Zingtree’s policies and processes also satisfy the compliance standards for GDPR and CCPA privacy regulations.
Zingtree’s safeguards follow the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)/Cybersecurity Framework (CSF) and the associated security policies and controls, as presented in NIST SP 800-53, r5.
Yes. In addition to conducting its own internal audits, Zingtree periodically engages qualified third parties to conduct compliance audits, vulnerability scanning, penetration testing, legal compliance reviews, GDPR Article 27 representation, and a variety of other security and privacy services.
Zingtree stores and processes Protected Health Information (PHI) and personal data (including Special Category data). Credit card information is handled via a third party (i.e., Stripe).
All information is transmitted over HTTPS/SSL and/or a secure API.
Yes, Zingtree has appointed Mark R. Beckmeyer, D.Sc., CISSP as the Senior Director, Security/Privacy. Mark has over 30 years of experience in information assurance, has earned a D.Sc. (Doctor of Science) in cybersecurity and an MA (Master of Arts) in Security Management, is an active member of the Northern Virginia Chapter of ISC2 (International Information System Security Certification Consortium), and is a CISSP (Certified Information Systems Security Professional).
Zingtree has developed and published a comprehensive set of 48 security and privacy policies, which are approved annually by Zingtree's executive management and third-party auditors. All Zingtree employees are required to review and acknowledge these policies annually.
Yes, Zingtree has implemented comprehensive security and privacy awareness training, including:
– Security/privacy briefings for new hires
– Annual company-wide security/privacy training
– Periodic company-wide messages about security
Zingtree’s entire IT environment is hosted in a virtual private cloud (VPC) by Amazon Web Services (AWS). The AWS data center is physically located in the United States.
Yes, Zingtree has implemented a comprehensive disaster recovery program (DRP), which is based on NIST SP 800-34, r1. Moreover, Zingtree conducts a formal business impact analysis (BIA) annually, and periodically tests the DRP for failover and backup/restore performance.
Yes, Zingtree has implemented a comprehensive security incident response (SIR) plan, which is based on NIST SP 800-61, r2.
Yes, Zingtree has implemented a formal change management program, which includes a comprehensive policy that consists of procedures to be followed and documented.
Yes, Zingtree has implemented a comprehensive access control policy, which includes:
– Unique user IDs
– Role-based assignment of user accounts, with manager and security approval
– Complex passwords with periodic forced changes
– Periodic user entitlement reviews