InFlight is certified Service Organization Control 2 (SOC 2) Type 2 compliant.
Our processes, procedures, and controls have satisfied AICPA SOC 2 standards and we maintain compliance through rigorous attention to security protocols.
Transmission by InFlight of customer’s sensitive information, including user’s credentials, is encrypted using the TLS protocol and contemporary cipher suites. InFlight does not store transmitted data. The data transmitted is stored within the system of record.
InFlight’s Information Security Team and its Management continually monitor operational risks involved in its service structure, including touch points with subservice organizations.
InFlight partners with Amazon Web Services (AWS) to operate the InFlight platform on highly secure, reliable, and scalable infrastructure services. AWS is a leader in cloud security and compliance offerings.
InFlight’s use of AWS high-availability cloud infrastructure for all production websites eliminates single points of failure. InFlight also performs periodic disaster recovery exercises to ensure the recovery time objectives are being met.
InFlight has a 3rd party vulnerability vendor scanning critical systems on a periodic and ongoing basis. Automated vulnerability scans are performed no less than on a quarterly basis.
A patch management process exists to confirm that operating system level vulnerabilities are remediated in a timely manner. In addition, production servers are scanned to test patch compliance on at least a quarterly basis.
InFlight patches all long-term support systems on a monthly basis.
InFlight uses a combination of system event logging and monitoring solutions to monitor:
Intrusion Detection System (IDS) is employed to detect and analyze events across the AWS networks and infrastructure.
InFlight requires compliance with its security policies and procedures by all employees. InFlight’s employee security training is presented on hire and annually thereafter.
InFlight has adopted policies that exceed the formal requirements of SOC 2 compliance by promoting a code of conduct and certain human rights considerations amongst its employees that emphasizes ethical best practices as well.
The InFlight platform can integrate with most enterprise identity federation and single sign-on services. This integration allows your end users such as employees, for example, to access your platform interface using your corporate standard for authentication.
InFlight allows you to control which components of your enterprise application are accessible outside your firewall.
Add a WAF, including support for the OWASP top ten protections, to your existing enterprise applications using InFlight.
Annu Dawar | Managing Director, InFlight