Identity Automation’s Approach to Compliance & Security
COMPLIANCE*
*Compliance descriptions shown are specifically for RapidIdentity Cloud deployments.Protecting your data is paramount in today’s business climate. At Identity Automation, we’re committed to your success. Our ability to deliver continuous innovation, unmatched customer support, and the best value in the industry that has led to an unmatched record of customer success. Our team has been helping customers meet compliance standards since 2004, with over 1,000 successful implementations and renewal rates of over 98%. Learn more about Identity Automation’s Compliance and Certifications for the following standards.
VPAT
A Voluntary Product Accessibility Template (VPAT) is a document that allows your company or organization to provide a comprehensive analysis of conformance to accessibility standards set by Section 508 of the Rehabilitation Act.
FERPA
The Family Educational Rights and Privacy Act (FERPA) is a federal law that affords parents the right to have access to their children’s education records, the right to seek to have the records amended, and the right to have some control over the disclosure of personally identifiable information.
COPPA
The Children’s Online Privacy Protection Act (COPPA) is a law that requires parental consent for the collection or use of any personal information of young Web site users (13 and under).
SOC II
A SOC 2 Type 2 report is a report that captures an organization’s internal safeguards for customer data stored in the cloud as well as a measure of safeguard effectiveness.
CJIS Security Policy
CJIS Security Policy sets standards for data security and encryption for criminal justice and law enforcement entities.
WCAG
The Web Content Accessibility Guidelines (WCAG) 2.0 provide recommendations for making Web content more accessible.
HECVAT
The HECVAT is a questionnaire framework specifically designed for higher education to measure vendor risk.
TX-RAMP
The Texas Risk and Authorization Management Program (TX-RAMP) is a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services that process the data of a state agency. Identity Automation achieved provisional status in 2022 and is anticipating full certification in 2023 after achieving StateRAMP status.
NY 2 ED
NY Education Law 2-D was enacted to foster privacy and security of personally identifiable information (PII) of students and certain PII related to classroom teachers and principals.
SECURITY & VULNERABILITY PROCESS
At Identity Automation, we take the security of the service offering very seriously. We know your organization relies on us to protect the integrity of your Identity & Access solution. Protection begins with the way we develop our products and services and is codified in our Secure Software Development Lifecycle. Our process incorporates rigorous thought from the inception of a feature to its deployment – we incorporate many defense-at-depth practices – including architectural & design review, peer review, threat modeling, tabletop exercises, security analysis in our code integration and deployment pipelines as well as internal & external penetration testing. This rigorous and continual process is designed to provide you with the highest level of assurance regarding our services. If you have any questions or concerns feel free to contact us at [email protected]. We are happy to field any questions about our defense at depth practices as well as any reports of vulnerabilities in the solution.