Security Improvements for 2020

Ethnio is always looking to keep the data you share with us secure and private. That’s why we're working hard on our 2020 SOC 2 certification across the whole organization, expanded vulnerability management, new security policies, and more advanced penetration tests.  

Calendar Feed Security

There are two ways Ethnio has made improvements to calendar subscription feeds:

  1. Hiding personally identifiable information (PII): ensuring datasets that may contain PII do not fall into the wrong hands, and preventing inadvertent disclosure when sharing ICS links.
  2. Automatic token hashing: protecting access to your information with token refreshes. In the event of a security breach, this adds another level of protection to your information.


As a result of these security updates, the calendar feed for all active accounts will be reset after Oct 15, 2019, and all users will need to resubscribe to their personal calendars. Once you have resubscribed, this feature will work as before, updating dynamically, but with more protection for you and your participants.

If you’re a current Ethnio customer, please read these specific instructions here: https://help.ethn.io/hc/en-us/articles/203605750


Example of updated feed with hidden PII:



SOC 2 Compliance

Ethnio is currently SOC 2 Type 2 compliant through our TierPoint-managed data center, and we're additionally in the process of SOC 2 Type 1 & Type 2 assessments for the entire organization. This helps us get a handle on the number of security threats that continue to develop, and ensures that your data and your participants’ data are handled using the strictest guidelines. (Confirmation of Engagement Letter available upon request.)


Below is our scheduled timeline for SOC 2 Type 2 certification starting this month.


2019–2020 Cobalt Pentest Complete

Ethnio has recently completed due diligence pentests to locate and fix vulnerabilities in the system. These are hacker-powered penetration tests performed by a certified pentester. This helps us identify common weaknesses across the application and strengthen our entire security posture. The report below identifies path vulnerabilities and includes a risk summary of the issues that have been resolved. If you are interested in learning more about what a pentest is and how it's performed, you can find more information here: https://cobalt.io/pentest


New Incident Response Plan

Our new Incident Response Plan is documented to provide a well-defined, organized approach for handling any potential threat to computers and data. Such incidents include: breach of PII, denial of service, and virus or firewall breach. Once the severity has been assessed, Ethnio will respond accordingly to detect, contain, and permanently fix issues. We have also put in place periodic testing to help eliminate gaps. Read the full Incident Response Plan here.



