Security and Compliance Programs

In order to protect our customers and their data, AuditBoard has adopted a formal information security management program that governs software development, infrastructure operation, administration, and delivery of the AuditBoard product application.

These security programs, along with an extensive control environment, are aligned with and regularly assessed against industry-standard frameworks such as NIST 800-53, ISO 27001, SSAE-16 SOC 2, Cloud Security Alliance STAR, and HIPAA. The AuditBoard application is hosted exclusively on cloud infrastructure that meets FedRAMP Moderate impact compliance requirements.

  • HIPAA
  • GDPR (General Data Protection Regulation)
  • NIST 800-53
  • AICPA SSAE-16 SOC 2
  • Cloud Security Alliance STAR (CCM Cloud Controls Matrix)

Data Privacy Regulation

AuditBoard complies with the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) regarding the collection, use, and retention of personal information. For more details, see AuditBoard’s Privacy Policy.

Cloud Hosted SaaS

The AuditBoard platform is hosted on Amazon Web Services (AWS) cloud infrastructure.

  • Trusted: AWS is the gold standard for thousands of companies worldwide, which rely on its extensive and integrated native security controls.
  • Browser-based Web Application: All functionality is accessible from a web browser, and any modern browser is compatible.
  • Redundancy: Servers are replicated and load-balanced across data centers and regions.
  • Physical Security: AWS data centers use biometric entry authentication and have 24/7 monitoring.

Access Controls

Configure granular access policies and role-based permissions.

  • Single-Sign-On: Use industry-standard SAML 2.0 to integrate your corporate directory or identity providers such as Active Directory, OneLogin, Okta, and many others.
  • Strong Authentication: Customize password strength requirements, password re-use policies, and failed login attempt limits.
  • Two-Factor Authentication: Require users to authenticate with phone-based one-time passwords (OTP) as a second factor.
  • IP Restrictions: Limit what networks can access the AuditBoard application.
  • Precise Authorization: Use out-of-the-box role-based permissions or create custom roles to restrict what can be viewed and edited, down to the field level.
  • Information Barriers: Set up restrictions to partition and silo sensitive data within your organization.

Data Protection

All customer data is encrypted at rest and in transit.

  • Transport Encryption: Strong end-to-end TLS 1.2 encryption protects customer data wherever it is transferred.
  • Storage Encryption: All customer files, databases, and backups are AES-256-bit encrypted before being written to permanent disk storage.
  • Data Integrity: Your data is protected from loss, manipulation, or corruption by cryptographic hashing controls that enforce versioning and provide secure transactional capabilities.
  • Secure Deletion: NIST-compliant data sanitization procedures are employed to securely delete data that has reached the end of its useful life.

Comprehensive Audit Trails

Visibility and monitoring at all levels.

  • Strictly Monitored: All platform components are closely monitored to ensure performance, availability, and security.
  • Audit Logs: Every data change made in the system is recorded against the authenticated user.
  • Login History: Every successful or failed attempt to access your AuditBoard instance is recorded and viewable.

Integrations

AuditBoard is designed to be integrated with your enterprise.

  • API-First Approach: Built on industry-standard JSON REST APIs, the AuditBoard platform is easy to integrate with your existing enterprise applications.
  • Single-Sign-On: Supports SAML-compliant SSO, including Active Directory, OneLogin, or Okta.
  • Microsoft Office Integration: Integrated with the tools you are familiar with, including Excel, Visio, PowerPoint, and Word. Supports real-time collaboration powered by Office 365.
  • Other Integrations: Including but not limited to Slack, Google Drive, Jira, and Adobe Acrobat.

Software Security

AuditBoard software is developed in accordance with the highest security standards.

  • Continuous Software Updates: Product upgrades that contain new security enhancements as well as the latest software updates are automatically applied.
  • Extensively Tested: All product updates undergo strict quality and security assurance testing before being made available for release.
  • Third-party Verified: AuditBoard platform security is regularly assessed by third-party penetration testers and security assessors.

Resiliency and Availability

Architected for high availability so your data is always there when you need it.

  • Real-time Backups: Continuous, real-time backups allow for data recovery at 1-second granularity.
  • Daily Backups: Encrypted full database backups are made daily and stored in encrypted, redundant, and versioned S3 storage.
  • Resiliency and Redundancy: Uptime is guaranteed by built-in redundancies at the regional, datacenter, hardware, container, and data levels.
  • Export Everything: All data and files in AuditBoard can be exported in common formats such as CSV.