Security - InFlight

SOC 2 Compliance

InFlight is certified Service Organization Control 2 (SOC 2) Type 2 compliant.

Our processes, procedures, and controls have satisfied AICPA SOC 2 standards and we maintain compliance through rigorous attention to security protocols.

SOC 2

InFlight’s information security protocols

Secure transmission

Transmission by InFlight of customer’s sensitive information, including user’s credentials, is encrypted using the TLS protocol and contemporary cipher suites. InFlight does not store transmitted data. The data transmitted is stored within the system of record.

Ongoing risk assessment

InFlight’s Information Security Team and its Management continually monitor operational risks involved in its service structure, including touch points with subservice organizations.

Secure environment

InFlight partners with Amazon Web Services (AWS) to operate the InFlight platform on highly secure, reliable, and scalable infrastructure services. AWS is a leader in cloud security and compliance offerings.

Learn more about AWS

High availability

InFlight’s use of AWS high-availability cloud infrastructure for all production websites eliminates single points of failure. InFlight also performs periodic disaster recovery exercises to ensure the recovery time objectives are being met.

Vulnerability testing and patching

InFlight has a 3rd party vulnerability vendor scanning critical systems on a periodic and ongoing basis. Automated vulnerability scans are performed no less than on a quarterly basis.

A patch management process exists to confirm that operating system level vulnerabilities are remediated in a timely manner. In addition, production servers are scanned to test patch compliance on at least a quarterly basis.

InFlight patches all long-term support systems on a monthly basis.

Security monitoring

InFlight uses a combination of system event logging and monitoring solutions to monitor:

Uptime
System/Application logs
Performance and network metrics
Receive alert notifications and incident management

Intrusion Detection System (IDS) is employed to detect and analyze events across the AWS networks and infrastructure.

Annual security awareness training

InFlight requires compliance with its security policies and procedures by all employees. InFlight’s employee security training is presented on hire and annually thereafter.

Commitment to integrity

InFlight has adopted policies that exceed the formal requirements of SOC 2 compliance by promoting a code of conduct and certain human rights considerations amongst its employees that emphasizes ethical best practices as well.

Enhancing security of existing application stacks

Single sign-on & multi-factor authentication

The InFlight platform can integrate with most enterprise identity federation and single sign-on services. This integration allows your end users such as employees, for example, to access your platform interface using your corporate standard for authentication.

Control the risk level of your applications

InFlight allows you to control which components of your enterprise application are accessible outside your firewall.

Web Application Firewall support

Add a WAF, including support for the OWASP top ten protections, to your existing enterprise applications using InFlight.

Learn more about cloud hosting

“As a company, InFlight is on a journey to achieve the gold standard for information security and preserve the trust of customers in our systems and applications. Audited security compliance is a critical part of this mission. Being SOC 2 certified reinforces our commitment to the highest standards of information security.”
Annu Dawar | Managing Director, InFlight

About InFlight

Learn more about InFlight

Security matters

Maintaining our customer’s trust is our top priority. Learn more about what InFlight is doing to keep your data safe and secure.