Information security and data privacy
Protecting sensitive data in the digital age
Keeping your information safe
At Acrolinx, we prioritize a culture of vigilance. That means our commitment to protecting our customers’ data is strong. We’ve committed significant resources to maintain the security of data and information in several ways:
- Strict access controls
- Identity and access management
- Vulnerability management
We’ve designed the Acrolinx Platform to meet the needs of our many security-conscious customers. It’s built with rigorous controls that use modern technology, highly trained staff, and industry-leading partners. Independent and accredited third-party firms audit our work, so you can trust in its effectiveness and consistency.
Leading the way in security
To stay ahead, our experienced team of certified security professionals continually evaluates, improves, and evolves our security measures. We use our close collaboration with industry leaders and experts to keep our security architecture up to date with the latest technology advancements. We also routinely monitor our systems for vulnerabilities and proactively deploy patches and remediations. Constant improvement is a critical goal.
Information security and compliance
Acrolinx protects the availability, confidentiality, and integrity of all data. Our security program includes:
- Annual independent ISO 27001 Certification audit
- External third-party pen testing
- Static code analysis and vulnerability scanning
- Dynamic application testing
- 24×7 CSOC – Cyber Security Operations Center
- WAF – Web Application Firewalls
- Forced encryption at rest and in transit
- DDoS protection
We embrace the principles of data subject privacy and the compliant processing of personal information.
Under the oversight of our DPO, we process our customers’ personal data in accordance with Article 28 of the GDPR. We also routinely evaluate regulatory changes, so we have the right controls and processes to stay compliant.
Our Information Security competence and training program includes frequent, mandatory, general and specialized training for all employees.
Acrolinx employs a dedicated Information Security team:
- An (ISC)²-certified professional with CISO experience
- Two Certified Information Systems Security Professionals (CISSP®)
- A Certified Information Privacy Professional (CIPP/E)
- A Certified Ethical Hacker (CEH™)
- A TÜV-certified Data Protection Officer
ISO 27001 certification
Acrolinx has undergone an independent third-party audit of our Information Security management system and has been awarded the ISO 27001 certification.
ISO 27001 – the most internationally recognized standard for security – provides our customers with assurance and confidence that we’ve designed and implemented effective controls to adequately protect their data.
A-Lign, an independent ANAB-accredited firm trusted by more than 2,500 global organizations, conducted the comprehensive audit.
Download a copy of our ISO 27001 certificate HERE.
Amazon Web Services
We host our business-critical platform with AWS, which provides a global footprint, highly reliable services, and strong security controls.
We’ve partnered with Rackspace, the leading provider of expertise and managed services, to operate our cloud platform.
Rackspace holds ISO 27001 and PCI-DSS certifications, and undergoes annual SOC 2 type II audits.
CrowdStrike 24×7 CSOC
We protect all our Acrolinx servers with next-gen endpoint detection and response (EDR). This maintains real-time protection, response, and continuous telemetry to a 24×7 Cyber Security Operations Center (CSOC).
Security is a main pillar of our software development and QA philosophy. We use the Crashtest Security scanner as the primary vulnerability scanning tool to proactively detect any common application vulnerability. By making Crashtest Security a fully automated process within our SDLC, we test every release of the Acrolinx Platform.