Ethnio is always looking to keep the data you share with us secure and private. That’s why we're working hard on our 2020 SOC 2 certification across the whole organization, expanded vulnerability management, new security policies, and more advanced penetration tests.
Calendar Feed Security
There are two ways Ethnio has made improvements to calendar subscription feeds:
- Hiding personally identifiable information (PII): ensuring datasets that may contain PII do not fall into the wrong hands, and preventing inadvertent disclosure when sharing ICS links.
- Automatic token hashing: protecting access to your information with token refreshes. In the event of a security breach, this adds another level of protection to your information.
As a result of these security updates, the calendar feed for all active accounts will be reset after Oct 15, 2019, and all users will need to resubscribe to their personal calendars. Once you have resubscribed, this feature will work as before, updating dynamically, but with more protection for you and your participants.
If you’re a current Ethnio customer, please read these specific instructions here: https://help.ethn.io/hc/en-us/articles/203605750
Example of updated feed with hidden PII:
SOC 2 Compliance
Ethnio is currently SOC 2 Type 2 compliant through our TierPoint-managed data center, and we're also in the process of SOC 2 Type 1 and Type 2 assessments for the entire organization. This helps us get a handle on the number of security threats that continue to develop, and ensures that your data and your participants’ data are handled using the strictest guidelines. (Confirmation of Engagement Letter available upon request.)
Below is our scheduled timeline for SOC 2 Type 2 certification starting this month.
2019–2020 Cobalt Pentest Complete
Ethnio has recently completed due-diligence pentests to locate and fix vulnerabilities in the system. These are hacker-powered penetration tests performed by a certified pentester. This helps us identify common weaknesses across the application and strengthen our entire security posture. The report below identifies path vulnerabilities and includes a risk summary of the issues that have been resolved. If you are interested in learning more about what a pentest is and how it's performed, you can find more information here: https://cobalt.io/pentest
New Incident Response Plan
Our new Incident Response Plan is documented to provide a well-defined, organized approach for handling any potential threat to computers and data. Such incidents include breach of PII, denial of service, and virus or firewall breach. Once the severity has been assessed, Ethnio will respond accordingly to detect, contain, and permanently fix issues. We have also put in place periodic testing to help eliminate gaps. Read the full Incident Response Plan here.