Security

Secure and reliable performance management

Reflektive meets or exceeds all industry-standard business data security and privacy practices to protect our customers.

Reflektive is SOC 2 Type II Certified

Reflektive has been SOC 2 Type II certified for three years and counting. Service Organization Controls (SOC) exist to validate a company’s controls and ensure industry standards are followed. Our SOC 2 Type II report was prepared in accordance with the Statement on Standards for Attestation Engagements No. 16 (SSAE 16) and documents the operational policies and procedures for Reflektive’s system of internal controls.

What is the U.S.-EU Privacy Shield?

Privacy Shield is a joint certification from the U.S. Department of Commerce, European Commission, and Swiss Administration that affirms that Reflektive adheres to privacy practices that comply with EU data protection laws and Swiss data protection laws. This gives EU and Swiss companies confidence that they can allow Reflektive to store their data in U.S.-based data centers, and helps Reflektive avoid the cost and overhead of hosting data in the EU.

What is the GDPR?

The GDPR is a European Union regulation that establishes a new framework for handling and protecting the personal data of EU-based residents. One of the aims of the GDPR is to harmonize and bring data privacy laws across Europe up to speed with the rapid technological change in the past two decades. It builds upon the current legal framework in the European Union, including the EU Data Protection Directive in existence since 1995.

Data Encryption
Encrypts data in transit with HTTPS and Transport Layer Security (TLS), per industry best practices

Web Application Security
Follows industry-standard secure coding guidelines

Physical & Network Security
Hosts data in dedicated facilities with 24/7 security

Security & Compliance FAQs

How are security and privacy compliance enforced?

Reflektive is SOC 2 Type II certified, a standard that specifies best practices and security controls. SOC 2 is designed for service providers that store customer data in the cloud: it aims to minimize risk and exposure to that data, and defines criteria for managing customer data based on five “trust service principles” — security, availability, processing integrity, confidentiality, and privacy. Reflektive provides a secure environment that goes above and beyond industry security standards and guidelines.

U.S.-EU Privacy Shield certification is granted via application to the U.S. Department of Commerce. Reflektive provided evidence of its data protection practices, committed publicly to follow those practices, and was then certified. Reflektive’s status can be found on the Privacy Shield List.

How does Reflektive protect sensitive information?

Sensitive information is stored using several layers of encryption in a segmented network with no public internet access.

Does Reflektive follow web application development and security standard policies?

Reflektive application development follows industry-standard secure coding conventions. Applications are segmented by function to maintain security. Each of our software releases is tested by QA and security teams for the full scope of OWASP security risks.

How does Reflektive secure physical and network access?

Reflektive is hosted in a dedicated hosting environment with 24/7 security. Physical access to the network is strictly limited and monitored. Private networks are strictly segmented according to function. Restrictive firewalls protect communication entering the network and between private networks. All access to Reflektive’s network and services is strictly logged. Audit logs are reviewed on a regular basis. Internal and external network penetration tests are performed on a regular basis by third parties. Two-factor authentication and strong password controls are required for administrative access.

Is Reflektive GDPR compliant?

In 2018, Reflektive achieved GDPR compliance. Organizations established in the EU or employing EU-based individuals can rest assured that Reflektive is handling their personal information in accordance with the latest EU laws.

Does Reflektive maintain documentation of corporate Technical and Organizational Measures (TOMs)?

For more information about our policies and practices regarding personal information, please read Reflektive Technical and Organizational Measures.

How can we help you be secure?