Precisely Trust Center
Let’s transform your relationship to power
better decisions built on trusted data.
Precisely: Your Trusted Partner
At Precisely, establishing trust in data is core to our delivery of data, and data integrity services and solutions – ensuring the accuracy, consistency, and reliability of information and processes.
Information security and data privacy are integral to all business functions across Precisely. Our dedicated Security, and Data Privacy teams are committed to keeping customer, company, partner, employee, and other private information safe and secure. Additionally, when we use emerging technologies, such as Artificial Intelligence, we do so responsibly and with clear purpose.
Security at Precisely
Policy
Precisely protects the personal and confidential data of customers, employees, and partners by implementing stringent security and privacy policies. Our Information Security Management System (ISMS) complies with ISO27001 standards, and we regularly review our systems against ISO 27001, CIS, SOC 2, and NIST frameworks, promptly addressing any risks or gaps identified.
Precisely’s InfoSec Risk Board and Executive Risk Board convene regularly to ensure that risks are identified, owned, and mitigated throughout the organization. Our Risk Boards also ensure effective communication between executive leadership and board members regarding any risks that exceed the company’s risk tolerance.
As part of our ISMS, a comprehensive policy framework has been instituted and implemented across the organization covering:
- Information Security
- Information Classification and Handling
- Access Control
- Asset Management
- Physical Security
- Acceptable Use
- Change Management
- Incident Management
- Business Continuity
- Risk Management
- Patching and Vulnerability Remediation
- Vendor Risk Management
- Software Development Lifecycle
Supporting Standards, Guidelines and Standard Operating Procedures ensure effective implementation and operation of the policies.
Administrative Safeguards
Background Checks
Employees at Precisely must pass background checks as permitted by local laws and sign a non-disclosure agreement before hiring. Each year, employees must confirm adherence to the Company Handbook, Code of Conduct, Data Privacy, and Information Security policies.
Security and Privacy Training
Upon hiring and throughout their tenure at Precisely, all employees must complete tested security and privacy training. This training encompasses safe data handling and classification, compliance with data privacy laws, security best practices, and adherence to company policies and standards.
Additionally, the company offers role-specific training tailored to security and privacy needs.
Incident Management
Precisely has established Incident Response Plans outlining the procedures for detecting, reporting, identifying, analyzing, and addressing security incidents that affect Precisely’s infrastructure and data under its management. These incident response plans are regularly tested and updated.
Data Breach Notification
If a data breach occurs, Precisely will adhere to its Incident Response Plan and meet its contractual obligations by informing partners and customers about incidents affecting their infrastructure and data connected with the Precisely services and products they use.
Third Party Risk Management
Precisely may use sub-processors to perform or deliver services. Sub-processors are only allowed access to customer data where needed to provide the services and shall be bound by written agreements that require them to provide strict levels of data protection as required by Precisely and applicable regulations. These agreements are no less stringent than the data protection levels afforded by the customer’s agreement with Precisely. A list of sub-processors we currently use to perform or deliver products and services is made available by Precisely at: https://www.precisely.com/legal/licensing/list-of-sub-processors.
Supplier evaluations are performed during onboarding and periodically, depending on risk exposure, to maintain strong data security and privacy practices. Any changes to vendor services or contracts require a security risk assessment to ensure no new or unexpected risks arise.
Technical Safeguards
Data Encryption
All customer data held by Precisely is encrypted in transit and at rest. Precisely uses industry-standard encryption algorithms and protocols, such as AES-256, TLS 1.2, and HTTPS, to protect data from unauthorized access, disclosure, or modification. Precisely also implements encryption key management best practices, such as periodic key rotation, secure storage, and access control, to ensure the confidentiality and integrity of encryption keys.
Information Classification and Handling Policy
Precisely has an Information Classification and Handling Policy for data labeling and retention. Platforms use built-in rules when applicable, and employees follow secure data removal guidelines upon service termination. Precisely adheres to NIST standards for permanent data deletion.
Backup and Recovery
Precisely has implemented backup and recovery policies for all essential systems. The frequency of backups varies depending on the nature and significance of the data and the underlying repositories. Whenever feasible, highly available, resilient, and redundant systems, services, and components are employed to enable automated failover. Precisely conducts regular, secure tests of backup and recovery processes for both data and supporting systems.
Vulnerability Remediation
Precisely has established a Patching and Configuration policy aimed at identifying and addressing vulnerabilities based on their associated risks. We employ several integrated management frameworks to oversee code, services, and systems, ensuring that vulnerabilities are evaluated and mitigated.
Intrusion and Malware Protection
Precisely has implemented a defense in depth strategy to protect company assets from intrusions and malware. This strategy involves multiple layers of security controls across the network, the endpoint, the application, and the data. Precisely uses centralized solutions to monitor and alert on the status and performance of these controls, and to detect and respond to any potential security incidents.
Data Protection
Precisely implements multiple data security controls to ensure data is secure throughout its lifecycle. These controls include DLP (Data Loss Prevention), data profiling, and data governance technologies to prevent unauthorized data access, disclosure, or modification. Precisely also applies end point controls, such as encryption, antivirus, firewall, and device management, to protect data on devices that access or store data. Additionally, Precisely ensures data integrity by using checksums, digital signatures, and audit trails to verify data authenticity and detect any tampering or corruption.
Logging & Monitoring
Precisely has a process in place to log, monitor, and respond to events and anomalies in its systems and solutions. Precisely has deployed centralized non-repudiable logging and monitoring solutions to identify and investigate possible security events and track anomalous behavior. Dedicated and centralized SIEM (Security Info & Event Management) platforms allow for Precisely and its partners to proactively identify events and respond to incidents.
Identity & Access Control
Access to corporate data is limited according to the principle of least privilege, using login credentials and time-restricted access for Precisely personnel who need it to fulfil their roles.
Additionally, Precisely employs various access controls, including Multi-Factor Authentication, Single Sign-On, Mobile Application Management (MAM), stringent password requirements, and restricted access to administrative accounts.
Precisely’s solutions also support role-based access controls, enabling customers to create roles with the minimum necessary privileges for specific tasks.
Security Operations Center
Precisely ensures continuous monitoring of its infrastructure all year round. Together with its partners, the company adopts a proactive stance on threat hunting and responds swiftly to security incidents.
Physical Safeguards
Workplace Security
Precisely enforces strict access controls using electronic systems and alarms, allowing entry only to authorized personnel. Visitor registration, escort policies, and surveillance, ensure monitored access. Offices are equipped with fire suppression, detection systems, clear emergency exits, and evacuation routes. Health and safety measures comply with local laws and industry best practices. For remote access to corporate data and systems, Precisely requires the use of VPN connections, endpoint security software, and encryption of data in transit and at rest.
Data Center Security
Precisely processes and stores customer data in data centers located within geographic regions that meet regulatory requirements. These Tier 1 facilities and service providers are certified in SOC 2, HIPAA, PCI DSS, and ISO 27001, among others.
Frameworks
Precisely evaluates its SaaS, hosted, and external services against SOC 2 trust principles annually through an independent third-party assessor. All current SaaS products have attained SOC 2 Type 1 or Type 2 and HIPAA HITECH assessments in 2022/2023.
Precisely information security and control framework aligns to ISO 27001 and NIST CSF standards. The organization earned ISO 27001:2013 certification for its SaaS and hosted offerings in 2022/2023.
Product Security
Secure Design Principles
Precisely products and services follow secure design principles throughout their development and deployment. Precisely adopts a Secure Software Development Lifecycle that is based on the OWASP methodologies where applicable. The company performs automated and manual scanning of code and artifacts to identify and fix defects and vulnerabilities. Precisely also conducts regular internal and external penetration testing to assess the security posture of its products and services. Precisely DevOps systems and processes ensure the core pillars of information security: Confidentiality, Integrity and Availability.
Precisely Service Status
System Status
Precisely continuously monitors its customer services internally and through 3rd-party services. Find service status, updates, and maintenance announcements here: https://status.precisely.com/
Service Level Agreement (SLA)
Precisely provides on-premise, hosted, and SaaS products as well as managed and professional services as part of its solutions. SaaS and hosted services platforms are continuously monitored for performance and availability. Support SLAs are defined and tracked for all offerings. The SLA for our DI Suite SaaS product is here: www.precisely.com/dis-sla, and the SLA’s for other Precisely SaaS products can be found here: www.precisely.com/availability
“Privacy is the cornerstone of integrity and trust in the digital age. At Precisely, safeguarding personal data and respecting privacy is our highest priority.”
Susan Ndongwa Fletcher Chief Privacy OfficerData Privacy
Your Data is Meant to be Protected
This Trust Center section provides an overview of Precisely’s privacy practices, policies, and controls that regulate our handling of personal data.
Commitment to Privacy
Precisely’s commitment to data integrity and trust in data extends to ethical data stewardship. That means we continually advance our products and services to protect data and help our customers meet their privacy obligations.
Privacy Today
We live in an era of complex privacy legislation and requirements that vary by state and country. In the US alone, numerous new state privacy laws have come into force, which include expanded definitions of personal data, new rights (e.g., to opt-out of data sharing and profiling, to limit the use of sensitive personal information, to rectify, and to appeal) and robust penalties for non-compliance.
These new requirements, along with the existing obligations under the GDPR, CCPA, and other laws, impact businesses, because individuals have expanded privacy rights, and organizations have increased obligations to properly handle and protect personal data. As a result, organizations must clearly understand how they process and protect personal data across the data lifecycle.
Privacy Rights Requests
We provide various ways to exercise privacy rights including accessing personal data, opting-out of the sale or sharing of personal data and more via our Privacy Rights WebForm. You can read more about our privacy practices in our Global Privacy Notice.
Data Privacy Priorities
We have adopted the NIST Privacy Framework, an industry recognizable standard for identifying, assessing, and managing privacy impacts, to support data governance, ensure privacy considerations are integrated into product and service design, and to support responsible data handling and alignment with privacy regulations.
The following priorities promote privacy compliance and accountability across all our business units and processes.
- A comprehensive privacy framework: Our data privacy framework includes core pillars ranging from Privacy-by-Design and Default to Training & Awareness to Privacy Ethics.
- A central global privacy office: Our global privacy office comprises professionals fully dedicated to privacy and strategically positioned within our senior leadership to promote top-down, agile implementation and awareness of our privacy and data governance framework across the enterprise.
- Privacy policies and practices: Our employees are required to adhere to a number of policies and procedures governing the responsible handling of personal data.
- Transparency, notice and choice: The Precisely Global Privacy Notice applies to the personal data we may obtain through our various online and offline channels, as well as from third-party sources.
- Technical and Organizational measures: Precisely has adopted technical and organizational measures for the processing of personal data in its SaaS platforms to support its responsibilities to protect individuals’ privacy. Precisely’s policies and measures support the principles of data protection by design and by default through this technical and organizational measures framework. Precisely implements and assesses both technical and organizational measures to ensure the confidentiality, integrity, availability, and resilience of its processing of personal data.
- Reviews: We have built into our business model, reviews and audits to ensure that we continue to assess compliance with global data privacy laws and ethical data stewardship. At Precisely, we take data privacy seriously and we aim to design our products and offerings to facilitate responsible management of data and empower our customers to be ethical stewards of their personal data.
Precisely Data Processing Addendum
At Precisely, we know that upholding the privacy and security of our customers’ data is vital to earning and maintaining your trust. As part of this commitment, we strive to offer our customers the mechanisms they need to comply with regulatory requirements. If and to the extent Precisely processes any customer personal data in connection with the provision of Precisely products and services, the terms of the Precisely Data Processing Addendum (DPA) shall apply. The DPA is an addendum to the terms which govern the products and/or services which our customers subscribe to and memorialize our commitment to data privacy and security compliance. Our DPA includes the latest set of General Data Protection Regulation (GDPR) standard contractual clauses (SCCs) for the transfer of personal data outside of the EU/EEA.
For more information on Precisely’s DPA, please see the following resources:
- Precisely DPA: https://www.precisely.com/legal/licensing/data-protection-addendum
- Precisely DPA FAQ: https://www.precisely.com/legal/licensing/precisely-data-processing-addendum-faqs
Our Commitment to Sensitive Location Privacy and Ethical Use of Data
Precisely PlaceIQ has a long-standing commitment to sensitive location privacy for consumers. We believe that individuals should be able to enjoy the benefits of location-based experiences, advertising, and offers which align with their preferences, without compromising data about where they seek healthcare, debt services, worship or any other place which may reveal sensitive information about them. As part of this commitment, we have implemented a number of internal data governance controls including the establishment of a Sensitive Location Data Program , to ensure sensitive location data is excluded from our products and services.
We have voluntarily adopted the NAI’s Enhanced Standards which prohibit the use of, selling, or sharing of information about device or user activity correlated to a known sensitive location.
For more information about Precisely PlaceIQ’s data privacy practices, please see the Precisely PlaceIQ Product Privacy Notice.
Responsible Use of AI
Our Commitment to the Responsible Use of AI
At Precisely, we are committed to the responsible use of Artificial Intelligence (AI) and other emerging technologies to empower our customers, partners, and personnel to work smarter, faster and make more informed, confident decisions.
We have established AI principles and best practices to guide our product development and underscore our commitment to you—our customers, as responsible stewards within our industry. When we use AI, we strive to do so in a way that is designed to be consistent with the principles of accountability, fairness, transparency, and trustworthiness.
Your Use of Our AI Solutions
The responsible use of AI systems is a shared responsibility between Precisely and our customers . Therefore, your use of our AI solutions is subject to our AI responsible use policies and applicable laws. This ensures that the use and operation of AI systems is done safely, ethically, and in line with societal values.