SECURITY

DATA CENTER AND NETWORK SECURITY

Librimind hosts all its software in Microsoft Azure facilities. Microsoft provides an extensive list of compliance and regulatory assurances, including SOC 13, FedRAMP, ITAR and ISO 27001. See Azure’s compliance and security documents for more detailed information.

All of Librimind’s servers are located within Librimind’s own virtual private cloud (VPC), protected by restricted security groups that allow only the minimal required communication to and between the servers.

Third-party network vulnerability scans are conducted at least annually.

GDPR

We know that maintaining GDPR & privacy compliance is a top priority for your business. That’s why Librimind takes a holistic and personalized approach to compliance, maintaining GDPR compliance ourselves, and enabling your business to set its own compliance preferences, as a controller.

Librimind employs data protection and privacy by design, combining enterprise-grade security features with comprehensive audits of our policies, applications, systems, and networks.

Librimind’s privacy & security team includes a Data Protection Officer (DPO), Chief Information Security Officer (CISO), and a Compliance Officer, who continuously ensure that Librimind’s practices and products comply with GDPR and similar regulations. Our Terms and Conditions, Privacy Policy, and Data Processing Addendum (DPA) are up-to-date and reflect our GDPR readiness.

APPLICATION SECURITY

Web application architecture and implementation follow OWASP guidelines.

In addition to Librimind’s extensive testing program, application penetration testing by a third party is conducted at least annually.

Single sign-on (SSO) allows you to authenticate users without requiring them to enter login credentials for your Librimind instance. Login using Librimind can be disabled, and Librimind supports SSO using SAML, Office 365, and SAP.

Librimind login requires strong passwords. User passwords are salted, irreversibly hashed, and stored in Librimind’s database. Audit logging lets administrators see when users last logged in and when passwords were last changed.

DATA SECURITY

All connections to Librimind are encrypted using SSL, and any attempt to connect over HTTP is redirected to HTTPS.

All customer data (including call recordings and transcripts) is encrypted at rest and in transit. System passwords are encrypted using Azure Key Vault with restricted access to specific production systems.

We use industry-standard PostgreSQL, Elasticsearch and HBase data storage systems hosted at Azure and/or by the respective vendors.

Data access and authorizations are provided on a need-to-know basis, and based on the principle of least privilege. Access to the Azure production system is restricted to authorized personnel, and is carried out using VPN with Active Directory authentication.

Librimind Customers may configure a data retention duration, and Customer data is purged from Librimind systems subsequent to contract termination.

SECURITY POLICIES AND SECURE DEVELOPMENT LIFE CYCLE (SDLC)

Librimind has security policies that are maintained, communicated, and approved by management so that everyone clearly knows their security responsibilities. Librimind policies are audited annually as part of the SOC 2 certification.

Code development is done through a documented SDLC process. The design of all new product functionality is reviewed by Librimind’s security team. Librimind conducts mandatory code reviews for code changes and periodic in-depth security reviews of architecture and sensitive code. Librimind development and testing environments are separate from its production environment.

The employee hiring process includes background screening. At least annually, engineers participate in secure code training covering OWASP Top 10 security flaws, common attack vectors, and Librimind security controls.

Vulnerability Disclosure Process – Librimind considers privacy and security to be core functions of our platform. Earning and keeping the trust of our customers is our top priority, so we hold ourselves to the highest privacy and security standards. If you have discovered a security or privacy issue that you believe we should know about, we would love to hear from you. Please reach out to us at security@librimind.com and let us know.

APPLICATION MONITORING

All access to Librimind applications is logged and audited. 

Logs are kept for at least one year. Librimind maintains a formal incident response plan for major events.

©  Librimind 2020

33, Jabotinsky St

Ramat Gan, Israel