Security

Data Security with SearchUnify

Security is of paramount importance for an enterprise search solution. SearchUnify’s technology makes sure that it maintains data security and integrity at all times

Data Integrity

SearchUnify only maintains your content indexes. It does not write back into or modify any source content, which ensures that your data is never corrupted.

Data Encryption

SearchUnify uses AES-256 encryption while storing the indexes in the middleware. To ensure that no unauthorized person accesses the information, we use multifactor authentication.

Transport Layer Security

We understand data in transit is more vulnerable and prone to attacks than data at rest. SearchUnify uses TLS 1.2 encryption to protect data in transit.

Tenancy

SearchUnify is a single-tenant solution, which guarantees additional security to the content when maintaining its indexes.

Role-Based Access Control

SearchUnify provides role-based access to information. It makes sure that only authorized users can access information specific to their role.

Company Security

SearchUnify is an enterprise search product created by Grazitti Interactive – a digital innovation company committed to maintaining the confidentiality, integrity and availability of our customers’ data.

Grazitti Interactive has achieved the regulatory compliance with ISO 27001:2013, HIPAA, PIMS, and SSAE 18. We are committed to support the highest standards for business process control, data security, and privacy.

ISO27001:2013 – Information Security Management System

The International Standards Organization information security management certification ISO/IEC 27001:2013 is an internationally recognized information security management standard which ensures that a business has rigorous information security processes in place. Achieving the certification demonstrates that Grazitti is following international information security best practices.

HIPAA – Health Insurance Portability and Accountability Act

Health care privacy concerns are governed by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Clinical Health Act (“HITECH”) of 2009. The U.S. Department of Health and Human Services (“HHS”) issued the Privacy Rule to implement the requirements of HIPAA. The purpose of the Privacy Rule is to establish standards with respect to the confidentiality of an individual’s protected health information or PHI by entities which are subject to HIPAA.

PIMS – Personal Information Management System

Personal Information Management System, also called BS 10012 is a standard that’s been developed to help companies comply with the Data Protection Act, 1998. Organizations can improve their data storage protection by following the framework contained in the standard, which enables them to create a tailored system for managing personal information. In the United States, PIMS certification is known as PII “Personally Identifiable Information”.

SSAE 18 (SOC 1 TYPE 2, SOC 2 TYPE II)

SSAE 18, also called Statement on Standards for Attestation Engagements 18, is a regulation developed by the Auditing Standards Board (ASB) of American Institute of Certified Public Accountants (AICPA) for redefining and updating how service companies report on compliance controls. An SSAE 18/ SOC 1 Type II report is focused on the financial reporting controls of a company while SSAE 18/SOC 2 Type II report is an attestation standard that examines a business’s non-financial reporting controls.

Cloud Security

We understand how essential it is to carry out debugging processes and eliminate any potential security vulnerabilities. Taking this into consideration, we conduct automated as well as manual security analysis, and partner with third-party security experts to audit and safeguard the SearchUnify Cloud.

Employee Credibility

At Grazitti Interactive, we perform a thorough employee background check and regularly train them to uphold our information security standards and comply with our data security policies. Our industry certifications and compliance reports are a proof of our commitment to customer data security.

Incident Management

We adhere to stringent disaster management policies, conduct regular drills to make sure there is no security breach. If there is any—suspected or reported—we provide 24/7 support to ensure that it is resolved immediately.

Data Availability

Data availability is as important as data security. We take regular snapshots of content indexes and store them for backup. We maintain multiple servers with load balancers to make sure there are no downtimes.

Patch Management

We aim at constant betterment of the product. To make it happen, we push patches time & again to update the solution. Before a patch is deployed, it is subjected to rigorous testing under different conditions to ensure its efficacy so that your work continues without any hiccups.

Vulnerability Testing

Our Customer Agreement forbids you from delving into any kind of security, performance, vulnerability, and stress testing on the product without prior permission. We hold data security in highest regard and have a slew of security measures in place to safeguard it against all threats. In case you have any concerns, we’d be more than happy to address them.

Attending Dreamforce 2018? Let's Catch up!