We know that the security and availability of your business data are extremely important. We proactively monitor our IT environment and systems and continuously evaluate our security practices, taking reasonable steps to maintain this trust and our security position.
Please see our Responsible Disclosure policy below.
ActiveProspect has achieved Service Organization Control (SOC) 2 Type II compliance for our SaaS platform solutions. The SOC 2 Type II report is an independent and detailed audit review measuring the operating effectiveness of ActiveProspect’s internal controls around the AICPA’s trust services criteria for security and service availability of our platform solutions.
If you have any questions, please contact [email protected]
Our systems are located on a private, isolated network, with only customer-required services exposed to the public Internet. We patch our systems on an ongoing basis to defend against current exploits. Servers are monitored by an intrusion detection system, and defended from web attacks by a web application firewall. Regular third-party penetration testing and ongoing automated vulnerability testing are performed on our systems.
Customers rely on the ActiveProspect platform 24/7/365. Since we launched LeadConduit in 2004, high availability has been a top priority. Our infrastructure is designed to scale with customer demand and our team monitors performance around the clock. Because we stand behind our track record, the uptime of our platform is published online and available to the public at status.activeprospect.com.
Keeping customer data safe is a top priority at ActiveProspect. We work hard to protect our customers from the latest threats. Data is encrypted in transit and at rest. Our API endpoints require at least TLS 1.2 and a secure cipher. Our systems reside in a SOC 2 compliant datacenter. Access is restricted to properly credentialed datacenter employees.
Our employees may occasionally need access to accounts for support or troubleshooting purposes. ActiveProspect employees have undergone background checks before being granted internal access to our systems. Access is granted using the principle of least privilege. All employees are required to use strong passwords, which are reset every 90 days, and MFA in order to gain access to our applications.
We do not store credit card information on our systems. When you enter a credit card number for payment, it is transmitted directly from your browser to our payment processor, which stores your data on its PCI-compliant infrastructure.
We appreciate those in the information security community who reach out to us and disclose potential vulnerabilities they have found in a responsible manner. Please send urgent or sensitive reports directly to [email protected]. Use our public key to keep your information safe and please provide us with a secure way to respond. Our security office and select software development team members monitor that email address, and we work to acknowledge your message as quickly as possible, typically within eight hours (and no longer than 72 hours). We’ll work with you to make sure that we understand the scope of the issue, and that we fully address your concern. Please act in good faith towards our users’ privacy and data during your disclosure. We won’t take legal action against you or administrative action against your account if you act accordingly. White hat researchers are always appreciated. We’ll gladly give appropriate credit for responsible disclosure of significant vulnerabilities.
Special thanks to the following individuals, who have responsibly disclosed vulnerabilities in the past:
This program, crawled on 2015-06-30, is sorted as cvd.
FireBounty © 2015-2024