Compliance and Certifications
Our policies and practices are designed to provide our customers with peace of mind for regulatory compliance.
Protecting Privacy
See how we are committed to earning and maintaining our customers’ confidence.
TRUST
Trust Section
As a leading provider of enterprise consent and preference management solutions, we understand how important it is to protect our customers’ data. Just as we go to great lengths to protect our clients’ privacy, we do the same to protect their data and provide a high level of system performance and reliability. We protect your data by implementing and following a strict protocol of security and compliance measures.
Security Program
PossibleNOW understands that the confidentiality, integrity, security, and availability of our customers' information are vital to their business operations and our own success. We have stringent standards and processes in place to ensure data safety and integrity while maintaining a high level of performance. Our security foundation is built from the start with strict adherence to industry best practices such as the NIST Cybersecurity Framework.
Disaster Recovery and Resiliency
Redundancy is utilized extensively in the production data center at the network, server, application, and database layers to ensure high availability and provide a resilient environment to support service continuity and performance. All customer data is stored in our secure QTS data center and is replicated to a disaster recovery environment in Microsoft Azure. This design provides the ability to rapidly restore application services in the event of an outage or loss of the primary data center.
Security Measures
Our cyber security defense measures include intrusion detection, attack prevention, vulnerability scanning, penetration testing, behavioral analytics, and anomaly detection. We also monitor and protect against the most critical web application security risks, such as SQL injection and cross-site scripting. Our threat data is continuously updated to protect against the latest threats and zero-day attacks.
Our application development staff uses a documented SDLC process and is knowledgeable in secure coding principles. Our SDLC process includes a static code peer review, management review and an automated security scan which specifically utilizes rules for OWASP Top 10 and SANS Top 25 vulnerabilities.
Compliance and Certifications
PossibleNOW recognizes that our customers are subject to laws that govern the handling of personal information. As such, we seek to maintain compliance with such laws by providing a comprehensive privacy and security program that includes certifications, policies, practices, people, and technology.
American Institute of CPAs
PossibleNOW maintains a Service Organization Control (SOC) report to provide assurance and detailed insight into the design and operating effectiveness of internal control systems implemented in our DNCSolution® and MyPreferences® platforms. Service Organization Control (SOC) reporting was developed by the American Institute of CPAs (AICPA) to provide a data security framework for service providers. Our successful completion of a SOC 2 Type II examination demonstrates that our company and our products have clear guidelines and proven procedures for managing customer data as it relates to security, availability, and confidentiality.
Privacy Shield Framework
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. As an entity operating in global markets, PossibleNOW and its Subsidiaries receive personal data from EU or Swiss individuals. PossibleNOW and its Subsidiaries are Privacy Shield certified to confirm their commitment to complying with the Privacy Shield principles.
PRIVACY
Protecting Privacy
We use appropriate physical, technical, and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Some of those measures include limiting which of our employees have access to the information on a need-to-know basis, subjecting our employees to privacy and security training and confidentiality requirements, and conducting security testing on a regular basis. Read our public privacy notice at privacy statement.