Sales and customer data are critical to your business, and we take the security of customer data extremely seriously. We host Provision on comprehensively hardened infrastructure-as-a-service (IaaS) on Google Cloud. Provision is securing SOC 2 Type 2 compliance, audited annually. Our SOC 2 report will be available to customers upon request.

  1. Provision will allow authentication through single sign-on (SSO) via SAML and OIDC. Provision does not store any passwords.
  2. Our web servers encrypt data in transit using the industry standard for HTTPS security (TLS 1.2), so that requests are protected from eavesdroppers and man-in-the-middle attacks. Our SSL/TLS certificates use 2048-bit RSA keys and are signed with SHA-256.
  3. All persistent data is encrypted at rest using the industry-standard AES-256 algorithm.
  4. Provision has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
  5. All Provision employees are trained on security best practices and awareness during onboarding. We perform annual disaster recovery and data restoration tests.
  6. All employee computers are managed by mobile device management (MDM) software that enforces our security policies, such as restricted administrative access, screen lockout, strong passwords, encrypted disks and virus scanners. No Windows computers or servers are used at all other than in isolated testing environments.
  7. We use Google to verify employee account identity, and we require two-factor authentication for apps that access critical infrastructure or customer data.
  8. All employee contracts include a confidentiality agreement.
  9. All changes to source code are subject to automated testing and any that affect security require pre-commit code review by a qualified engineering peer that includes security, performance and potential-for-abuse analysis.
  10. All code is deployed to a staging environment for quality assurance and automated tests must pass prior to updating production services.
  11. Client code uses multiple techniques to ensure that using the Provision app is safe and that requests are authentic, including XSS and CSRF protection, signed and encrypted user authentication cookies, and session expiration.
  12. We engage third-party security experts to perform detailed penetration tests on the Provision app and infrastructure.
  13. Provision implements a protocol for handling security events, which includes escalation procedures, rapid mitigation and a post-mortem. All employees are informed of our protocols.

If you have a security concern, question, or are aware of an incident, please send an email to [email protected], a carefully controlled and monitored email account.

Last updated 30 August, 2022