Security

Security And Privacy

InterScripts Security and Privacy teams establish policies and controls, monitor compliance with those controls, and prove our security and compliance to third-party auditors.

  • Access is limited to only those with a legitimate business need and granted based on the principle of
    least privilege.
  • Security controls are implemented and layered according to the principle of defense-in-depth.
  • Security controls are applied consistently across all areas of the enterprise.
  • The implementation of controls is iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.

Security Certification:

  • SOC 2 Type II
  • ISO 27001:2013
  • ISO 22301
  • ISO 27018:2019
  • CMMI Level 3

Protection

Data Protection for Our Solutions

All datastores with customer data, in addition to Azure Blob, are encrypted at rest. Sensitive collections and tables also use row-level encryption. This means the data is encrypted even before it hits the database, so that neither physical access nor logical access to the database is enough to read the most sensitive information.
InterScripts uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. We also use features such as HSTS (HTTP Strict Transport Security) to maximize the security of our data in transit. Server TLS keys and certificates are managed by Azure and deployed via Application Load Balancers. Most of our solutions can also be accessed using VPNs.
Encryption keys are managed via KeyVault. It stores key material in Hardware Security Modules (HSMs), which prevents direct access by any individuals, including employees of Amazon and InterScripts. The keys stored in HSMs are used for encryption and decryption via Azure APIs. Application secrets are encrypted and stored securely in Azure.

Stability

Product Security and Stability

InterScripts engages with one of the best penetration testing consulting firms in the industry at least annually. Our current preferred penetration testing tool is Burp Suite. It is also used for vulnerability testing.
All areas of the InterScripts product and cloud infrastructure are in scope for these assessments, and source code is fully available to the testers in order to maximize the effectiveness and coverage.
InterScripts requires vulnerability scanning at key stages of our Secure Development Lifecycle (SDLC). Penetration, vulnerability, and load testing are done after every sprint release.

Initiative

Enterprise Security Organizational-Wide Initiative

All corporate devices are centrally managed and are equipped with mobile device management software and anti-malware protection. Endpoint security alerts are monitored with 24/7/365 coverage. We use MDM software to enforce secure configuration of endpoints, such as disk encryption, screen lock configuration, and software updates.
InterScripts provides comprehensive security training to all employees upon onboarding and annually through educational modules within the platform of InterScripts’ partner, Vanta. In addition, all new employees attend a mandatory live onboarding session centered around key security principles. All new engineers also attend a mandatory live onboarding session focused on secure coding principles and practices.
The InterScripts Security Team shares regular threat briefings with employees to inform them of important security and safety-related updates that require special attention or action.
InterScripts uses Azure IAM to secure our identity, single sign-on and access management. We enforce the use of phishing-resistant authentication factors, using WebAuthn exclusively wherever possible.
InterScripts employees are granted access to applications based on their role, and are automatically deprovisioned upon the termination of their employment. Further access must be approved according to the policies set for each application.
At InterScripts, data privacy is a first-class priority. InterScripts strives to be a trustworthy steward of all sensitive internal and external data. We have protected emails, chat, data, and all external communication by storing and managing the data within Azure infrastructure.
No mobile information will be shared with third parties/affiliates for marketing/promotional purposes.