In our increasingly digital world, it is imperative that your suppliers do everything possible to protect your data from cyber threats. proSapient follows the ISO27001 framework for information security, taking a pro-active approach to mitigating risk.
We manage internal information security under the principles of ISO27001. We have successfully received our ISO27001 certification. You can verify the validity of our ISO certificate by entering our certificate number 236177 via this link.
Our platform and all associated data are stored in a secure cloud environment governed by SOC II compliance.
We conduct regular penetration tests with high-quality third parties to ensure our products provide maximum protection against cyber threats.
We scan our code for vulnerabilities as part of our CI/CD pipeline.
Our platform can be deployed as a cloud instance or on-premise.
Our colleagues are continuously trained on the importance of information security. Modules include phishing training as well as secure software development.
Our RDS encrypted DB instances use the industry-leading AES-256 encryption algorithm to encrypt your data. As an additional layer of security, all critical data is also encrypted at column level.
proSapient uses a collection of security measures that create an umbrella of protection including Mimecast as well as the Microsoft suite.
Production database access is prohibited by our engineering team.
We pro-actively assess every internal and third-party system for risks (around confidentiality, integrity and availability). Any potential risks are documented and mitigated through corrective action and incremental audits.
proSapient places Compliance at the core of its culture. We operate at the highest legal and ethical standards, with a dedicated team of compliance specialists to support our clients, employees and experts.
Regular employee Compliance training, including modules in:
|COMPLIANCE RISK||RISK-SPECIFIC CONTROLS|
|Breach of Client Compliance Rules||Client Compliance section on the platform to input specific requirements; technical platform controls including Compliance screening and questionnaires|
|Disclosure of Material Non-Public Information||Confidential information and insider trading policy and process|
|Insider Trading & Tipping||Personal account dealing policy and process|
|Fraud||Internal investigations process|
|Disclosure of Confidential Information||Confidential information and insider trading policy and process|
|Disclosure of Trade Secrets||Confidential information and insider trading policy and process|
|Bribery and Corruption||Anti-bribery and corruption policy; gifts and entertainment policy and process|
|Money Laundering and Terrorist Financing||Anti-money laundering policy; Money Laundering Reporting Officer|
|Facilitation of Tax Evasion||Anti-facilitation of tax evasion policy|
|Failure to Report Improper Activity (Whistleblowing)||Whistleblowing policy and process|
|Regulatory Investigation||Our Compliance Framework|
|Modern Slavery||Modern slavery prevention policy|