This security statement applies to the products, services, websites, and platforms offered by Emissary, Inc. Our privacy policy contains more information on how we handle data that we collect.
Overview
Emissary has a robust security program involving regular vulnerability assessments and penetration tests with third party security auditors. In addition, Emissary has achieved an audited Service Organization Controls (SOC 2) Type 2 certification, most recently completed in February 2023.
Our Security Practices
Organizational Security & Personnel
Emissary has a strong security culture throughout its organization and leadership team. All Emissary personnel receive security training on an annual basis.
Written Information Security Policy (WISP)
Emissary has a rigorous set of policies that the organization follows to ensure consistent practice and to protect Emissary and its customers’ confidentiality.
Data Center & Network Security
The Emissary platform is hosted entirely within the Google Cloud Platform (GCP) secure cloud. GCP aligns with various compliance standards. The Emissary Security Team has implemented rigorous network security controls, and has established robust monitoring and alerting for anomalies, unusual user behavior, performance, availability, and other issues to minimize the threat of a security incident.
Customer Data Security
All data is encrypted both in transit using Transport Layer Security (TLS) 1.2+ and at rest using the Advanced Encryption Standard (AES) algorithm, AES-256.
Internal R&D Processes
Emissary weaves security best practices into its Software Development Life Cycle (SDLC), ensuring that our software meets customer expectations while also having an appropriate level of security. All Emissary software engineers receive web application security training on an annual basis.
Identity & Access Management
Emissary has mature Identity and Access Management practices. Emissary follows a policy of least privilege and uses role-based access controls to manage employee access to company infrastructure, systems, and customer data. Access Control reviews are performed regularly by the Emissary Security Team.
Change Management
Emissary has an established methodology to manage changes to both our infrastructure and platform. All changes to any system or service are reviewed, approved, and well communicated. The rigorous change management process is designed to prevent unintended service disruptions and maintain the integrity of the services provided to customers.
Certification & Audits
Emissary has the Service Organization Controls (SOC 2) Type 2 certification and is committed to participating in annual audits with an accredited auditor to maintain this distinction. In addition, Emissary performs regular third-party vulnerability and penetration tests of our infrastructure and systems.