Security Improvements for 2020

Safeguard your data with Ethnio's latest SOC 2 certification, improved vulnerability management, updated policies, and advanced penetration testing.

Calendar Feed Security

There are two ways Ethnio has made improvements to calendar subscription feeds:

  1. Hiding personally identifiable information (PII): ensuring datasets that may contain PII do not fall into the wrong hands, and preventing inadvertent disclosure when sharing ICS links.

  2. Automatic token hashing: protecting access to your information with token refreshes. In the event of a security breach, this adds another level of protection to your information.


As a result of these security updates, the calendar feed for all active accounts will be reset after Oct 15, 2019, and all users will need to resubscribe to their personal calendars. Once you have resubscribed, this feature will work as before, updating dynamically, but with more protection for you and your participants.

If you’re a current Ethnio customer, please read these specific instructions here: https://help.ethn.io/hc/en-us/articles/203605750


Example of updated feed with hidden PII:



SOC 2 Compliance

Ethnio is currently SOC2 Type 2 compliant through our TierPoint-managed data center, and additionally, we're in the process of SOC 2 Type 1 & Type 2 assessments for the entire organization. This helps us get a handle on the number of security threats that continue to develop, and ensures that your data and your participants’ data is handled using the strictest guidelines. (Confirmation of Engagement Letter available upon request.)


Below is our scheduled timeline for SOC 2 Type 2 certification starting this month.


2019–2020 Cobalt Pentest Complete

 Ethnio has recently completed running due diligent pentests to locate and fix vulnerabilities in the system. These are hacker-powered penetration tests performed by a certified pentester. This helps us identify common weaknesses across the application and strengthen our entire security posture. The report below identifies path vulnerabilities and includes a risk summary of the issues that have been resolved. If you are interested in learning more about what a pentest is and how it's performed you can find more information here:  https://cobalt.io/pentest


New Incident Response Plan

Our new Incident Response Plan is documented to provide a well-defined, organized approach for handling any potential threat to computers and data. Such incidents include: breach of PII, denial of service, and virus or firewall breach. Once the severity has been assessed, Ethnio will respond accordingly to detect, contain, and permanently fix issues. We have also put in place periodic testing to help eliminate gaps. Read the full Incidence Response Plan here.




More from the Blog

Ethnio's 2024 Year in Review

Wrapping up the year with key milestones, and enabling better Research Ops for the future. Let’s celebrate the awesome work of our customers and lay the groundwork for 2025.

What’s new in the world of Research Ops roles?

Exploring the latest trends in job titles and why these roles are essential in modern research teams—with firsthand insights from industry experts.

Subscribe to Updates