Trust
Trust has become the new currency for success. It is paramount for companies to earn and maintain customer trust.
As a leading provider of enterprise consent and preference management solutions, we understand how important it is to protect our customers’ data.
Compliance and Certifications
Our policies and practices are designed to provide our customers with peace of mind for regulatory compliance.
Protecting Privacy
See how we are committed to earning and maintaining our customers’ confidence.
Security Program
PossibleNOW understands that the confidentiality, integrity, security, and availability of our customers' information are vital to their business operations and our own success. We have stringent standards and processes in place to ensure data safety and integrity while maintaining a high level of performance. Our security foundation is built from the start with strict adherence to industry best practices such as the NIST Cybersecurity Framework.
Disaster Recovery and Resiliency
Redundancy is utilized extensively in the production data center at the network, server, application, and database layers to ensure high availability and provide a resilient environment to support service continuity and performance. All customer data is stored in our secure QTS data center and is replicated to a disaster recovery environment in Microsoft Azure. This design provides the ability to rapidly restore application services in the event of an outage or loss of the primary data center.
Security Measures
Our cyber security defense measures include intrusion detection, attack prevention, vulnerability scanning, penetration testing, behavioral analytics, and anomaly detection. We also monitor and protect against the most critical web application security risks, such as SQL injection and cross-site scripting. Our threat data is continuously updated to protect against the latest threats and zero-day attacks.
Our application development staff uses a documented SDLC process and is knowledgeable in secure coding principles. Our SDLC process includes a static code peer review, a management review, and an automated security scan that specifically uses rules for OWASP Top 10 and SANS Top 25 vulnerabilities.
Compliance and Certifications
PossibleNOW recognizes that our customers are subject to laws that govern the handling of personal information. As such, we seek to maintain compliance with such laws by providing a comprehensive privacy and security program that includes certifications, policies, practices, people, and technology.
PossibleNOW maintains a Service Organization Control (SOC) report to provide assurance and detailed insight into the design and operating effectiveness of internal control systems implemented in our DNCSolution® and MyPreferences® platforms. Service Organization Control (SOC) reporting was developed by the American Institute of CPAs (AICPA) to provide a data security framework for service providers. Our successful completion of a SOC 2 Type II examination demonstrates that our company and our products have clear guidelines and proven procedures for managing customer data as it relates to security, availability, and confidentiality.