Publish Date: May 11, 2022
We take the security of your data very seriously at Prism and aim to be as clear and open as we can about the way we handle security. If you have additional questions regarding security, we are happy to answer them. Please write to firstname.lastname@example.org and we will respond as quickly as we can.
Prism services are hosted over the Internet on a “Public Cloud”, which are computing services offered by third party providers to anyone who wants to use or purchase them. Like all cloud services, a public cloud service runs on remote servers that a provider manages.
Prism services undergo security assessments by internal personnel and external security firms who perform regular audits of the Prism services to verify that our security practices are sound and to monitor the Prism services for new vulnerabilities discovered by the security research community.
Prism is SOC2 certified and uses Vanta for continuous monitoring of Prism’s compliance and security posture.
Prism, or an authorized external entity, will monitor the Prism services for unauthorized intrusions.
Systems used in the provision of the Prism services log information to their respective system log facilities or a centralized logging service (for network systems) in order to enable security reviews and analysis. Prism maintains an extensive centralized logging environment in the production environment which contains information pertaining to security, monitoring, availability, access and other metrics about the Prism services. These logs are analyzed for security events via automated monitoring software, overseen by the security team.
Prism maintains security incident management policies and procedures. Prism notifies impacted customers without undue delay of any unauthorized disclosure of their respective Customer Data by Prism or its agents of which Prism becomes aware to the extent permitted by law. Prism publishes system status information on the Prism Status Page. Prism typically notifies customers of significant system incidents via email, and for incidents lasting more than one hour, may invite impacted customers to join a conference call about the incident and Prism’s response.
Prism services use industry-accepted encryption products to protect Customer Data (1) during transmissions between a customer's network and the Prism services; and (2) when at rest. Prism services support the latest recommended secure cypher suites and protocols to encrypt all traffic in transit. We monitor the changing cryptographic landscape closely and work promptly to upgrade the service to respond to new cryptographic weaknesses as they are discovered and implement best practices as they evolve. For encryption in transit, we do this while also balancing the need for compatibility with older clients.
We’re committed to making the Prism services a highly available service that you can rely on. Our infrastructure runs on systems that are fault-tolerant, for failures of individual servers or even entire data centers. Industry standard best practices for reliability and back-up helped shape the design of the Prism services. Prism performs regular backups, facilitates rollbacks of software and system changes when necessary and replication of data as needed.
Customer Data is stored redundantly in multiple locations in our hosting provider’s data centers to ensure availability. We have well-tested backup and restoration procedures which allow recovery from a major disaster. Customer Data and our source code are automatically backed up. The operations team is alerted in the event of a failure in this system. Backups are fully tested at least every 365 days to confirm that our processes and tools work as expected.
Prism employees receive privacy and security training during onboarding as well as on an ongoing basis. All employees are required to read and sign our comprehensive information security policy covering the security, availability, and confidentiality of the Prism services.
Prism uses infrastructure provided by Google Cloud to host or process Customer Data submitted to the Prism services. Information about security provided by Google Cloud is available from the Google Cloud Security website.