Policies

SECURITY AS A PRINCIPLE

Organizational Security

Prosperi takes the security of your data and our clients’ data seriously, ensuring that only authorized individuals have access to its resources.

– Information Security Program

We have an Information Security Program in place that is communicated throughout the organization. Our Information Security Program follows the criteria established by SOC 2. SOC 2 is a widely recognized information security audit procedure created by the American Institute of Certified Public Accountants.

– Roles and Responsibilities

The roles and responsibilities related to our Information Security Program and the protection of our clients’ data are well-defined and documented. Our security policies are periodically reviewed and accepted by everyone at Prosperi.

– Security Awareness Training

Everyone at Prosperi periodically undergoes security awareness training, covering best practices and information security topics such as phishing and password management.

– Confidentiality

Everyone at Prosperi signs and adheres to a confidentiality agreement upon hiring.

– Background Checks

We conduct background checks on all new team members in accordance with local laws.



Secure Development

All software development projects follow secure development lifecycle principles.

All new products, tools, and services undergo a project review to ensure that security requirements are incorporated into the proposed development.

All team members regularly involved in any system development undergo annual secure development training in coding or scripting languages they work with, as well as any other relevant training.

Software development follows the OWASP Top 10 recommendations for web application security.

– Secure Testing

Penetration testing (Pen Test) is regularly conducted by independent vendors, and vulnerability scanning is regularly performed on all production systems.

All new systems and services are verified before being deployed to production.

Penetration tests are executed on new systems or new versions of systems and services, both by internal security engineers and independent vendors.

We perform static and dynamic security tests on all code, including open-source libraries, as part of our software development process.


Cloud Security

– Cloud Infrastructure Security
All of our services are hosted on Microsoft Azure. Microsoft has a robust security program with multiple certifications. For more information on our provider’s security processes, visit Azure Security.

– Data Hosting Security
All our data is hosted in Microsoft Azure databases. These databases are all located in the United States. Please refer to the vendor-specific documentation linked above for more information.

– Data-at-Rest Encryption
All databases are encrypted at rest.

– Data-in-Transit Encryption
Our applications transmit encrypted data via TLS/SSL.

– Vulnerability Scanning
We conduct vulnerability checks and actively monitor threats.

– Logging and Monitoring
We monitor and log various cloud services.

– Business Continuity and Disaster Recovery
We use our data hosting provider’s backup services to mitigate the risk of data loss in case of hardware failure. We also use monitoring services to alert the team in case of any failures affecting users.

– Incident Response
We have a process for handling information security events, which includes escalation procedures, rapid mitigation, and communication.


Access Security

– Permissions and Authentication
Access to cloud infrastructure and other confidential tools is limited to authorized employees who need access to perform their duties.

When available, we implement Single Sign-On (SSO), Two-Factor Authentication (2FA), and strong password policies to ensure that access to cloud services is protected.

– Least Privilege Access Control
We follow the principle of least privilege when it comes to identity and access management.

– Quarterly Access Reviews
We perform quarterly access reviews of all team members with access to sensitive systems.

– Password Requirements
All team members are required to adhere to a minimum set of password complexity requirements.

– Password Managers
All team members use a password manager application.

Supplier and Risk Management

– Annual Risk Assessments
We undergo risk assessments at least annually to identify any potential threats, including considerations of fraud.

– Supplier Risk Management
The supplier’s risk level is determined, and appropriate reviews are conducted before engaging with the supplier.

Compliance

Prosperi is committed to providing secure products and services to manage billions of digital identities worldwide with security and ease. Our external certifications provide assurance of Prosperi’s dedication to protecting our clients through regular assessment and validation of the effectiveness of the security protections and practices that Prosperi has in place.

SOC 2 Type 2

Prosperi has successfully completed the AICPA Service Organization Control (SOC) 2 Type II audit. The audit confirms that Prosperi’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security.

Prosperi was audited by Prescient Assurance, a leader in security and compliance certifications for B2B SaaS companies worldwide. Prescient Assurance is a “registered public accounting” firm in the US and Canada that provides risk management and assurance services, including SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, CSA STAR, and more. For more information about Prescient Assurance, you can contact them at info@prescientassurance.com.

The SOC 2 Type II audit report demonstrates to Prosperi’s current and future clients that their data is managed with the highest standards of security and compliance.

Clients may request access to the audit report, but it requires a confidentiality agreement (NDA) to be signed by your company. To request a copy of our NDA and/or SOC report, please contact privacy@prosperiglobal.com.

Contact Us

If you have any questions, comments, or concerns, or if you wish to report a potential security issue, please contact privacy@prosperiglobal.com.
