All Celigo employees are required to pass a background check. In addition, employees in engineering, services, support, and operations (basically anyone with access to anything deemed security sensitive) are required to use LastPass, with multifactor authentication enabled, to store and generate all credentials used to perform job functions. Engineering employees with access to production systems are also required to undergo varying levels of security training at least annually. All Celigo employees are granted access only to the minimum number of applications or systems needed to perform their job function.
Integrator.io is built using best-of-breed technology frameworks and secure software development practices. All bug fixes, enhancements, new features, etc. undergo a rigorous test and review process before any changes are pushed to the production environment. Production and testing environments are completely segregated from each other, and customer data is never used in QA or developer testing. Security-related bugs are always assigned the highest priority, and a root cause analysis is performed for all major bugs that make it into production. Both vulnerability and penetration testing are performed at least annually. HackerOne is used to engage outside security researchers, for bounty, to expose vulnerabilities in the integrator.io platform. Access to the integrator.io web app is protected by username/password (passwords are one-way hashed), and access to the API is protected by bearer tokens. Both web and API access require SSL.
Celigo takes compliance seriously. In addition to being GDPR ready, we completed a SOC 2 Type 1 audit in May 2019 and are working on the Type 2. We are also completing some technical implementations, and we plan to soon be HIPAA ready as a Business Associate able to sign a Business Associate Agreement (BAA) once those implementations are complete.
As a customer or a prospect, you may request a copy of the SOC 2 report under a mutual NDA from email@example.com.
Found a vulnerability?
If you find a security vulnerability, please email firstname.lastname@example.org, and we will address the issue ASAP.