Secure and Reliable Performance Management

Reflektive meets or exceeds all industry-standard business data security and privacy practices to protect our customers.


What is SOC 2 Compliance?

Service Organization Controls (SOC) exist to validate a company’s controls and ensure industry standards are followed. Our SOC 2 Type 1 report was prepared in accordance with the Statement on Standards for Attestation Engagements No. 16 (a.k.a. SSAE 16) and documents operational policies and procedures for Reflektive’s system of internal controls.


What is the U.S.-EU Privacy Shield?

Privacy Shield is a joint certification from the U.S. Department of Commerce, European Commission, and Swiss Administration that affirms that Reflektive adheres to privacy practices that comply with EU data protection laws and Swiss data protection laws. This gives EU and Swiss companies confidence that they can allow Reflektive to store their data in US-based datacenters, and helps Reflektive avoid the cost and overhead of hosting data in the EU.

Reflektive Keeps You Secure

Data Encryption
HTTPS and Transport Layer Security (TLS), as per industry best practices

Web Application Security
Follows industry-standard secure coding guidelines

Physical & Network Security
Hosts data in dedicated facilities with 24x7 security

Security & Compliance FAQs

How is security and privacy compliance enforced?

Reflektive is SOC 2 Type 1 compliant, a standard that specifies best practices and various security controls. SOC 2 is specifically designed for service providers storing customer data in the cloud. SOC 2 applies to any company storing customer data in the cloud in order to minimize risk and exposure to that data, and defines criteria for managing customer data based on five “trust service principles”: security, availability, processing integrity, confidentiality and privacy. Reflektive provides a secure environment that goes above and beyond industry security standards and guidelines. We are currently in the process of achieving our Type 2 compliance.

U.S.-EU Privacy Shield compliance is granted via application to the US Department of Commerce. Reflektive provided evidence of its data protection practices, committed publicly to follow those practices, and was then certified. Reflektive’s status can be found on the Privacy Shield List.

How does Reflektive protect sensitive information?

Sensitive information is stored using several layers of encryption in a segmented network with no public internet access. New encryption keys are generated on a daily basis, and existing keys are rotated on a regular basis.

Does Reflektive follow Web application development and security standard policies?

Reflektive application development follows industry-standard secure coding guidelines. The application is segmented by function to maintain security. Each of our software releases is tested by QA and security teams for the full scope of OWASP security risks.

How does Reflektive secure physical and network access?

Reflektive is hosted in a dedicated hosting environment with 24x7 security. Physical access to the network is strictly limited and monitored. Private networks are strictly segmented according to function. Restrictive firewalls protect communication entering the network and between private networks. All access to Reflektive’s network and services is strictly logged, and audit logs are reviewed on a regular basis. Internal and external network penetration tests are performed on a regular basis by third parties. Two-factor authentication and strong password controls are required for administrative access.