Your security, safety, and privacy are our top priorities.
At Measurabl we take our responsibility to protect and secure your information seriously and strive for complete transparency around our security practices as detailed below.
Measurabl maintains and regularly reviews and updates its information security policies, at least on an annual basis. Employees must acknowledge policies on an annual basis and undergo additional training pertaining to job function. Training is designed to adhere to all specifications and regulations applicable to Measurabl and acquired companies.
Measurabl continuously monitors 140+ security controls across the organization using Drata, a security and compliance automation platform. Automated alerts and evidence collection allow Measurabl to confidently prove its security and compliance posture any day of the year while fostering a security-first mindset and culture of compliance across the organization.
Dedicated Information Security Team
Measurabl has a dedicated InfoSec Team, which focuses on application, cloud, and system security. This team is also responsible for security compliance, education, and incident response.
Measurabl follows secure coding guidelines and has procedures for static analysis of code, code review, and testing before any code gets released to production. Development, testing, and production environments are separated. All changes are peer reviewed and logged for performance, audit, and forensic purposes prior to deployment into the production environment.
Measurabl has a formal change control policy periodically reviewed, updated, and approved by management. We also have a change advisory board (CAB) and a change review process where changes are documented through a ticketing system and then reviewed for approval.
Measurabl performs automated hourly backups and employs a backup strategy to ensure minimum downtime and data loss. The Business Continuity Plan (BCP) is tested and updated on a regular basis to ensure its effectiveness in the event of a disaster.
Measurabl has a formal Incident Response Plan that is reviewed semi-annually. Periodic tabletop exercises are conducted to test the performance of the team response where gaps for improvement can be documented, as well as the strengths of Measurabl’s Incident Response Team.
If Measurabl learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under applicable country-level, state, and federal laws and regulations, as well as any industry rules or standards applicable to us. Measurabl is committed to keeping its customers fully informed of any matters relevant to the security of their accounts and to providing customers with all information necessary for them to meet their own regulatory reporting obligations.
Vulnerability Management and Penetration Tests
Measurabl maintains a documented vulnerability management program which includes periodic scans, identification, and remediation of security vulnerabilities. All networks, including test and production environments, are regularly scanned using trusted third-party vendors. We also conduct regular internal and external penetration tests and remediate them according to the severity of any results found.
Measurabl conducts background screening at the time of hire (to the extent permitted or facilitated by applicable laws and countries). In addition, Measurabl communicates its information security policies to all personnel (who must acknowledge this) and requires new employees to sign non-disclosure agreements, and provides ongoing privacy and security training.
Measurabl encrypts your data which aligns with industry-tested and accepted standards. We use AES 256-based encryption and TLS 1.2 to encrypt network traffic between users’ browsers and Measurabl’s platform. We also use AWS KMS (Key Management Service), which encrypts the data at rest.
Secure, Reliable Infrastructure
Measurabl uses Amazon Web Services (AWS) data centers for hosting. AWS data centers are monitored by 24×7 security, biometric scanning, video surveillance, etc.
Compliance and Certification
Measurabl is proud to announce that we have successfully completed the SOC 2 Type 2 and ISO 27001:2013 security audits.
Measurabl’s SOC 2 and ISO 27001 security audits will be an ongoing commitment to improving our privacy and security practices. That’s why we’ll renew the SOC 2 Type 2 certification yearly, so you know that your data is safe with us.
We are committed to GDPR compliance and offer information about our practices, sub-processors, and Data Processing agreements.
Privacy Shield certification means that Measurabl privacy and data collection practices have been reviewed and approved by an independent third-party based on the guidelines set forth by Privacy Shield for transparency, accountability, and choice regarding the collection and use of consumer personal information.