Precisely Trust Center

Background Checks

Employees at Precisely must pass background checks as permitted by local laws and sign a non-disclosure agreement before hiring. Each year, employees must confirm adherence to the Company Handbook, Code of Conduct, Data Privacy, and Information Security policies.

Security and Privacy Training

Upon hiring and throughout their tenure at Precisely, all employees must complete tested security and privacy training. This training encompasses safe data handling and classification, compliance with data privacy laws, security best practices, and adherence to company policies and standards.

Additionally, the company offers role-specific training tailored to security and privacy needs.

Incident Management

Precisely has established Incident Response Plans outlining the procedures for detecting, reporting, identifying, analyzing, and addressing security incidents that affect Precisely’s infrastructure and data under its management. These incident response plans are regularly tested and updated.

Data Breach Notification

If a data breach occurs, Precisely will adhere to its Incident Response Plan and meet its contractual obligations by informing partners and customers about incidents affecting their infrastructure and data connected with the Precisely services and products they use.

Third Party Risk Management

Precisely may use sub-processors to perform or deliver services. Sub-processors are only allowed access to customer data where needed to provide the services and shall be bound by written agreements that require them to provide strict levels of data protection as required by Precisely and applicable regulations. These agreements are no less stringent than the data protection levels afforded by the customer’s agreement with Precisely. A list of sub-processors we currently use to perform or deliver products and services is made available by Precisely at: https://www.precisely.com/legal/licensing/list-of-sub-processors.

Supplier evaluations are performed during onboarding and periodically, depending on risk exposure, to maintain strong data security and privacy practices. Any changes to vendor services or contracts require a security risk assessment to ensure no new or unexpected risks arise.

Data Encryption

All customer data held by Precisely is encrypted in transit and at rest. Precisely uses industry-standard encryption algorithms and protocols, such as AES-256, TLS 1.2, and HTTPS, to protect data from unauthorized access, disclosure, or modification. Precisely also implements encryption key management best practices, such as periodic key rotation, secure storage, and access control, to ensure the confidentiality and integrity of encryption keys.

Information Classification and Handling Policy

Precisely has an Information Classification and Handling Policy for data labeling and retention. Platforms use built-in rules when applicable, and employees follow secure data removal guidelines upon service termination. Precisely adheres to NIST standards for permanent data deletion.

Backup and Recovery

Precisely has implemented backup and recovery policies for all essential systems. The frequency of backups varies depending on the nature and significance of the data and the underlying repositories. Whenever feasible, highly available, resilient, and redundant systems, services, and components are employed to enable automated failover. Precisely conducts regular, secure tests of backup and recovery processes for both data and supporting systems.

Vulnerability Remediation

Precisely has established a Patching and Configuration policy aimed at identifying and addressing vulnerabilities based on their associated risks. We employ several integrated management frameworks to oversee code, services, and systems, ensuring that vulnerabilities are evaluated and mitigated.

Intrusion and Malware Protection

Precisely has implemented a defense in depth strategy to protect company assets from intrusions and malware. This strategy involves multiple layers of security controls across the network, the endpoint, the application, and the data. Precisely uses centralized solutions to monitor and alert on the status and performance of these controls, and to detect and respond to any potential security incidents.

Data Protection

Precisely implements multiple data security controls to ensure data is secure throughout its lifecycle. These controls include DLP (Data Loss Prevention), data profiling, and data governance technologies to prevent unauthorized data access, disclosure, or modification. Precisely also applies end point controls, such as encryption, antivirus, firewall, and device management, to protect data on devices that access or store data. Additionally, Precisely ensures data integrity by using checksums, digital signatures, and audit trails to verify data authenticity and detect any tampering or corruption.

Logging & Monitoring

Precisely has a process in place to log, monitor, and respond to events and anomalies in its systems and solutions. Precisely has deployed centralized non-repudiable logging and monitoring solutions to identify and investigate possible security events and track anomalous behavior. Dedicated and centralized SIEM (Security Info & Event Management) platforms allow for Precisely and its partners to proactively identify events and respond to incidents.

Identity & Access Control

Access to corporate data is limited according to the principle of least privilege, using login credentials and time-restricted access for Precisely personnel who need it to fulfil their roles.

Additionally, Precisely employs various access controls, including Multi-Factor Authentication, Single Sign-On, Mobile Application Management (MAM), stringent password requirements, and restricted access to administrative accounts.

Precisely’s solutions also support role-based access controls, enabling customers to create roles with the minimum necessary privileges for specific tasks.

Security Operations Center

Precisely ensures continuous monitoring of its infrastructure all year round. Together with its partners, the company adopts a proactive stance on threat hunting and responds swiftly to security incidents.

Workplace Security

Precisely enforces strict access controls using electronic systems and alarms, allowing entry only to authorized personnel. Visitor registration, escort policies, and surveillance, ensure monitored access. Offices are equipped with fire suppression, detection systems, clear emergency exits, and evacuation routes. Health and safety measures comply with local laws and industry best practices. For remote access to corporate data and systems, Precisely requires the use of VPN connections, endpoint security software, and encryption of data in transit and at rest.

Data Center Security

Precisely processes and stores customer data in data centers located within geographic regions that meet regulatory requirements. These Tier 1 facilities and service providers are certified in SOC 2, HIPAA, PCI DSS, and ISO 27001, among others.

Frameworks

Precisely evaluates its SaaS, hosted, and external services against SOC 2 trust principles annually through an independent third-party assessor. All current SaaS products have attained SOC 2 Type 1 or Type 2 and HIPAA HITECH assessments in 2022/2023.

Precisely information security and control framework aligns to ISO 27001 and NIST CSF standards. The organization earned ISO 27001:2013 certification for its SaaS and hosted offerings in 2022/2023.