SOC 2 Compliance

InFlight is certified Service Organization Control 2 (SOC 2) Type 2 compliant.

Our processes, procedures, and controls have satisfied AICPA SOC 2 standards and we maintain compliance through rigorous attention to security protocols.

 

SOC 2

InFlight’s information security protocols

Secure transmission

Transmission by InFlight of customer’s sensitive information, including user’s credentials, is encrypted using the TLS protocol and contemporary cipher suites. InFlight does not store transmitted data. The data transmitted is stored within the system of record.

Ongoing risk assessment

InFlight’s Information Security Team and its Management continually monitor operational risks involved in its service structure, including touch points with subservice organizations.

Secure environment

InFlight partners with Amazon Web Services (AWS) to operate the InFlight platform on highly secure, reliable, and scalable infrastructure services. AWS is a leader in cloud security and compliance offerings.

Learn more about AWS

High availability

Vulnerability testing and patching

InFlight has a 3rd party vulnerability vendor scanning critical systems on a periodic and ongoing basis. Automated vulnerability scans are performed no less than on a quarterly basis.

A patch management process exists to confirm that operating system level vulnerabilities are remediated in a timely manner. In addition, production servers are scanned to test patch compliance on at least a quarterly basis.

InFlight patches all long-term support systems on a monthly basis.

Security monitoring

InFlight uses a combination of system event logging and monitoring solutions to monitor:

  • Uptime
  • System/Application logs
  • Performance and network metrics
  • Receive alert notifications and incident management

Intrusion Detection System (IDS) is employed to detect and analyze events across the AWS networks and infrastructure.

Annual security awareness training

InFlight requires compliance with its security policies and procedures by all employees. InFlight’s employee security training is presented on hire and annually thereafter.

Commitment to integrity

InFlight has adopted policies that exceed the formal requirements of SOC 2 compliance by promoting a code of conduct and certain human rights considerations amongst its employees that emphasizes ethical best practices as well.

 

Enhancing security of existing application stacks

Single sign-on & multi-factor authentication

The InFlight platform can integrate with most enterprise identity federation and single sign-on services. This integration allows your end users such as employees, for example, to access your platform interface using your corporate standard for authentication.

 

Control the risk level of your applications

InFlight allows you to control which components of your enterprise application are accessible outside your firewall.

Web Application Firewall support

Add a WAF, including support for the OWASP top ten protections, to your existing enterprise applications using InFlight.

Learn more about cloud hosting

There’s never a good time for a security breach

Learn more about InFlight’s information security protocols

Contact us