Whatfix Security
Your Security Is Our Priority
At Whatfix, the security of our products and associated services always remains a top priority. Our Customer first approach ensures that we remain committed to safeguarding customer information. Whatfix leverages best in class technologies and processes for ensuring Data security, for maintaining and supporting Customer needs in various regulatory compliance requirements including but not limited to Privacy. Check out the resources on this page to learn how to create and optimize your company’s employee onboarding process.
Security
In line with one of our core Organizational Principles of Trust, we leverage best in class Technologies, Processes and Partners to achieve this goal.
Confidentiality
Secured Role based Access, Encryption and Anonymization are some of the various methods we employ to ensure Confidentiality of Our Customer Data.
- Role-based access
- Minimal collection of data
- Encryption
Availability
Redundancy, resilience, and the ability to scale at ease are baked into the architecture of our Platform to ensure the availability of Whatfix to our Customers.
- Disaster Avoidance is one of the cornerstone of the design of our platform Application and infrastructure
- Clustering of services or nodes ensure that Whatfix continues to serve its Customers even if there are more than one failures to the nodes or components. Thus, avoiding single point of failures.
- Whatfix Business continuity program ensures that our Plans are tested at least once annually and upon significant change in infrastructure.
Data Integrity
At Whatfix we have implemented change controls, elaborate logging and round the clock monitoring of all actions and activities in the production environment to enable us to provide adequate assurance to our customers on the Integrity of their data at Whatfix.
- Change control
- Logging
- Monitoring
- SRI
- Digitally sign all executables
Vulnerability Disclosure Program and Third Party Penetration Tests
- Whatfix has its own Vulnerability Disclosure program which is handled by the internal Infosec team.
- At least once Annually a reputed third party is engaged for carrying out Infrastructure and Application Penetration tests.
Compliance
Whatfix complies with all applicable regulations and legislations of Geographies and business verticals it operates and provides services in.
Regulatory Compliance
As a leading Digital Adoption Platform provider and a partner to our clients to protect their data, it is imperative we remain cognizant of all regulatory requirements applicable to the type of data and the regulatory body. Whatfix compliance team is committed to ensuring that our Customers remain assured of our data handling and protection practices more than meet the respective regulatory requirements.
Our certifications/attestations include:
Available only for Whatfix Customers. Please reach out to your respective CSM.
Available only for Whatfix Customers. Please reach out to your respective CSM.
Available only for Whatfix Customers. Please reach out to your respective CSM.
Available only for Whatfix Customers. Please reach out to your respective CSM.
Available only for Whatfix Customers. Please reach out to your respective CSM.
Privacy
Whatfix believes in remaining transparent with its clients on data collection. As a service provider, we allow our Customers to choose the Personal data that our Platform captures. Clients can also choose not to send any Personally Identifiable Information of their Users and still continue to leverage Whatfix in their Application adoption journeys.
Data localization
Whatfix offers its services from 2 geographic locations viz. EU and the USA, customers can choose to subscribe to any of the 2 data centers depending on their data localization needs.
Data retention
Whatfix retains its Customer data on the platform for a period of 2 years post termination of the engagement, Customers can choose to have the data deleted anytime during and after the period of subscription.
Data handling
Whatfix safeguards the customer data by implementing industry best technical controls and processes such as role based access control, encryption, anonymization etc.
Whatfix can sign Data processing agreements that incorporate the “New” Standard Contractual Clauses as prescribed in EU GDPR with Customers.
Vulnerability Disclosure Program (VDP)
Dear security researchers and esteemed members of the security community, Whatfix is excited to invite you to put your skills to the test and help us secure our primary publicly-facing web assets.
Experience the Benefits of Whatfix Today