Security is of the utmost importance for PeopleInsight, and protecting our clients' data is something that we take very seriously. We take the following measures to secure our PeopleInsight solution:


SOC 2 Type II Report 

  • PeopleInsight is excited to announce we’ve completed our System and Organization Controls (SOC) examination and received our SOC 2 Type II report.
  • Our SOC 2 Type II report details our ability to offer adequate security and privacy controls and safeguards as we host and process data belonging to our customers.
  • PeopleInsight’s SOC 2 Type II report covers a formal and robust examination of our cloud analytics platform, our infrastructure, software, people, and our suite of corporate policies and procedures.  
  • We are very proud of this achievement and will continue to pursue the highest standards of privacy, confidentiality and security for our customers.
  • You can request a copy of the latest SOC 2 Type II report here.

Physical Data Security

  • Two (2) secure data centers in Tier III level hosting facilities; both in Canada
  • All entrances to the data centers are locked at all times. Access is restricted and requires two-factor authentication. Entry is controlled by a proximity card system, biometric scanning, and PIN number pad.
  • Personnel are on duty at the data center 24x7x365.
  • Surveillance cameras record activities at the facility entrances and other areas within the facility.
  • PeopleInsight infrastructure is AT 101 SOC 2 Type 2 certified and complies with industry standard security and IT best practices.

Application Security

The PeopleInsight application employs extensive security measures to protect against the loss, misuse and unauthorized alteration of data.

  • Transport Layer Security (TLS 1.2). This technology protects information using both server authentication and data encryption to help ensure that data is safe, secure and available only to you.
  • Password Protection
    • PeopleInsight requires unique user names and passwords that must be entered each time a user logs on.
    • PeopleInsight enforces strong password rules.
    • PeopleInsight leverages salted password hashing for increased protection. 
  • Session Timeouts. PeopleInsight times out user sessions if the application is left inactive for 30 minutes.
  • Secure Mobile. When using our application on a mobile device such as an iPad, all data remains on our servers.

Data encryption / Cryptographic controls

  • We utilize enterprise-grade security infrastructure to provide consolidated, layered security to protect our servers and data, including firewall, anti-malware, intrusion prevention, web-filtering, content filtering and anti-spam.
  • Our data network is protected by industry leading Intrusion Detection devices.
  • PeopleInsight uses AES-256 encryption to protect all data at rest.
  • PeopleInsight complies with all Canadian Privacy and Security requirements, ensuring that data remains within Canada 100% of the time.

Malware Protection

To minimize the threat of malicious software and zero-day exploits, PeopleInsight uses antimalware software on our servers to perform passive scans and active real-time monitoring. All data is scanned prior to being loaded and processed into the PeopleInsight system.

Network Perimeter Security

There are several security systems used to protect the edge of our production network:

  • Firewall — The firewall provides application-aware firewall services with identity-based access control and DoS attack protection. The firewall appliance scans all incoming and outgoing traffic continuously and includes proactive monitoring with traffic reports, policy compliance, and suspicious activity alerts.
  • Intrusion Detection and Prevention — A dedicated intrusion prevention system is utilized to monitor the production environment and the corporate environment for malicious activity.
  • Virtual Private Network — VPN connections with strong TLS encryption are used for remote communication with the internal PeopleInsight network. A VPN provides secure, tunnelled access between systems over the public internet.
  • Vulnerability Scanning — Comprehensive network vulnerability scans are conducted automatically to identify potential security concerns as soon as possible.

Data Backup

Multiple backups and a tested restoration process are part of the solution.

  • Backup Strategy — Nightly backups are performed for all servers. These backups are copied to a data centre in a geographically different location from our core servers.
  • Encrypted Backup — PeopleInsight secures all backups with AES-256 encryption to protect them at rest.
  • Backup — Backup jobs are monitored and notification alerts are sent for every backup job. Access to backup media is restricted to authorized personnel only. Restores from backup media are performed as a component of normal business operations to verify that system components can be recovered from backup media.