Security

This security statement applies to the products, services, websites, and platforms offered by Emissary, Inc. Our privacy policy contains more information on how we handle data that we collect.

Overview

Emissary has a robust security program involving regular vulnerability assessments and penetration tests with third party security auditors. In addition, Emissary is in the process of achieving an audited Service Organization Controls (SOC 2) Type 2 certification, expected to be completed in January, 2023.

 

Our Security Practices

Organizational Security & Personnel

Emissary has a strong security culture throughout its organization and leadership team. All Emissary personnel receive security training on an annual basis.

Written Information Security Policy (WISP)

Emissary has a rigorous set of policies that the organization follows to ensure consistent practice and to protect Emissary and its customers’ confidentiality.

Data Center & Network Security

The Emissary platform is hosted entirely within the Google Cloud Platform (GCP) secure cloud. GCP aligns with various compliance standards. The Emissary Security Team has implemented rigorous network security controls, and has established robust monitoring and alerting for anomalies, unusual user behavior, performance, availability, and other issues to minimize the threat of a security incident.

Customer Data Security

All data is encrypted both in transit using Transport Layer Security (TLS) 1.2+ and at rest using the Advanced Encryption Standard (AES) algorithm, AES-256.

Internal R&D Processes

Emissary weaves security best practices into its Software Development Life Cycle (SDLC), ensuring that our software meets customer expectations while also having an appropriate level of security. All Emissary software engineers receive web application security training on an annual basis.

Identity & Access Management

Emissary has mature Identity and Access Management practices. Emissary follows a policy of least privilege and uses role-based access controls to manage employee access to company infrastructure, systems, and customer data. Access Control reviews are performed regularly by the Emissary Security Team.

Change Management

Emissary has an established methodology to manage changes to both our infrastructure and platform. All changes to any system or service are reviewed, approved, and well communicated. The rigorous change management process is designed to prevent unintended service disruptions and maintain the integrity of the services provided to customers.

Certification & Audits

Emissary is in the process of achieving its Service Organization Controls (SOC 2) Type 2 certification and is committed to participating in annual audits with an accredited auditor to maintain this distinction. In addition, Emissary performs regular third-party vulnerability and penetration tests of our infrastructure and systems.