External Validation and Third-Party Certification
SOC 2 Type 2 Certified
Evisort is SOC 2 Type 2 certified and our system is equipped with automated monitoring. Your most sensitive data is in the safest and most secure environment
Penetration tested for
vulnerability management
Twice a year Evisort undergoes regular penetration testing by disinterested third parties and continues vulnerability monitoring to maintain the security of our solution. We also continually scan and test our services internally, as well as contracting with external firms.
Privacy Shield Framework
Privacy Shield is a certification to ensure companies treat, protect, and are transparent about user data when transferring personal and customer data between the EU/Switzerland and the United States. This ensures that Evisort is compliant with GDPR.
Highest Internal Measures
Security and privacy policies
Evisort has a formal, corporate-wide privacy policy in place, reviewed by counsel. We do not store or maintain personally identifiable data or credit card information. Our security program is based on ISO 27001 standards.
A formal Information Security Policy is in place with regular review and updates on: acceptable use, backup, business continuity, data classification, email use, encryption, incident response, information security, intellectual property rights, network access and authentication, outside devices, paper and electronic media, passwords, patch management (servers and applications), physical security, risk assessment, software change management, software development, and third-party vendors.
Data control and monitoring
Evisort has continuous monitoring in place, including network and host intrusion detection. We keep full audit logs and conduct vulnerability scans regularly.
Secure web hosting services
Evisort is hosted on both Microsoft Azure as well as Amazon Web Service in a multi-tenant configuration with a Virtual Private Cloud (VPC) option.
High encryption standards
Data is encrypted at rest and in transit (AES-256).
Cloudflare Endpoint protection
All connections are monitored and secured through the industry-leading Cloudflare Endpoint protection, which monitors for, and helps prevent, malicious visitors.
Manage Your Users Access
Customized Access Control
Evisort allows clients to create and manage different levels of user access privileges, such as admins and read-only users. Admins can also define which users have access to certain documents and folders.
Single Sign-On
For enterprise customers, Evisort supports Single Sign-On (SSO) via SAML, the industry-leading standard for identity management and federated access control. With SSO enforced, our customers can use the same login credentials and security requirements that they apply across their enterprise for all their important applications, and streamline the user provisioning and de-provisioning process.
Vulnerability Testing
World-wide bounty program
Evisort runs a world-wide bounty program where white-hat hackers are offered payment to discover vulnerabilities in Evisort’s system. The bounty program is one of many ways we are proactive in our security efforts.