SOC 2 is the most widely recognized standard for reporting on controls at service organizations, including software-as-a-service (SaaS) vendors. Adaptive Insights is audited annually by a Big 4 firm and currently maintains SOC 2 compliance with the Security, Confidentiality, Processing Integrity and Availability trust service principles.
TRUSTe certifies Adaptive Insights' privacy practices to ensure compliance with the EU-US Privacy Shield and Swiss-US Privacy Shield frameworks and the APEC Cross Border Privacy Rules (CBPR) system, covering the collection, use, and retention of data. Adaptive Insights' practices are also consistent with the Australian Privacy Principles (APPs) and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA).
Certification of the Adaptive Suite will shorten the evaluation process for the many enterprises interested in leveraging this popular cloud-based CPM solution, giving potential users confidence in its robustness and accelerating deployment.
Kamal Shah, vice president of products and marketing at Skyhigh Networks
The Adaptive Suite is available only over HTTPS, and all application data, logins, session cookies, etc. are transported using industry-standard TLS encryption. Furthermore, all tape backup media, including onsite and offsite vaulting, is encrypted with at least 128-bit AES encryption. In a true secure multi-tenant architecture, each customer's data is logically segmented from every other customer's. Passwords are stored as salted one-way hashes computed with key-stretching algorithms. Organizations may opt instead to integrate with their existing identity and access management solutions (including cloud providers) by leveraging our SAML2 support. Administrators also have the option to restrict access to their accounts to specified IP addresses only.
The Adaptive Suite allows quick and simple management of permissions using a role-based access control (RBAC) model. Customer administrators define the specific permissions for each role and assign those roles to users. These controls can be made as granular as desired, all the way down to the row level of a sheet. Sheets and reports display only data within a particular user's or role's security permissions. The platform provides a comprehensive audit trail that records all interactions and lets administrators understand what changes were made, by whom, and when they happened.
All production systems and data operations are hosted in top-tier data centers within secure cages, with redundant power supplies, diverse carrier access, and robust physical security. Only a limited number of authorized personnel have access to these systems, and they must use multi-factor authentication. Redundant firewalls with active failover and in-line intrusion detection/prevention systems enforce strong perimeter security. Continuous internal and third-party scans, including regular penetration testing, are performed to validate network, system, and application security.
Data centers are strategically placed to provide broad geographic coverage and great application performance to our customers worldwide. Organizations can easily maintain data sovereignty and know exactly where their data is at all times with the choice of hosting in our USA, Europe, Canada, or Australia data centers. To further protect against any possible case of failure, we maintain secondary and tertiary local databases and continuously replicate database transactions to geographically diverse disaster recovery (DR) sites within each country/region. DR plans are tested and updated regularly to ensure fast failover capabilities and to minimize any service disruption.
Adaptive has a proven track record of providing high uptime, reliable performance, and secure access to a globally dispersed user base. Adaptive commits to a contractual uptime SLA (for a given month, excluding scheduled maintenance). We believe in transparency: we continuously monitor our system availability and performance and make these metrics available on our website.