Legal

Enterprise Security

Anzen helps HR leaders and company executives have visibility into company risks by analyzing data from business systems and translating the data into actionable insights to resolve those risks. We recognize the obligation that comes with handling critical customer data, and we work closely with our customers and partners to ensure the data we process is protected using world-class Information Security standards.

Anzen's Information Security Philosophy

The Anzen information security program is anchored on the principles of the NIST Cybersecurity Framework. Information Security is ingrained into the culture of the company, from hiring and onboarding policies, through our daily activities at Anzen, through our processes to design, develop, and operate our software.

I. Securing our Data

All data provided to Anzen is encrypted at rest and in transit within the Anzen environment. To exercise data protection we follow several policies to protect our customer data from loss, misuse, or unauthorized access, including but not limited to the following measures:

Restrict and monitor access to sensitive data
Develop transparent data collection procedures
Train employees in online privacy and security measures
Build secure networks to protect online data from cyberattacks
Establish clear procedures for reporting privacy breaches or data misuse
Establish data protection practices (document shredding, secure locks, data encryption, frequent backups, access authorization etc.)

Anzen successfully completed the AICPA Service Organization Control (SOC) 2
Type II audit. The audit confirms that Anzen Technologies, Inc’s information security practices,
policies, procedures, and operations meet the SOC 2 standards for security.

Anzen Technologies, Inc was audited by Prescient Assurance , a leader in security and compliance certifications for B2B, SAAS companies worldwide. An unqualified opinion on a SOC 2 Type II audit report demonstrates to Anzen's current and future customers that they manage their data with the highest standard of security and compliance.

II. Key partnerships

We strive to ensure that any third-party vendors or suppliers meet or exceed our expectations for security and privacy controls. We perform strict third-party risk analyses and only partner with vendors with the strictest security controls, such as Amazon AWS.

IV. Responsible disclosure

We take the security of our systems seriously, and we value the work of the security community. The disclosure of security vulnerabilities to Anzen helps us keep information secure, subject to the following guidelines:

Please make any disclosures to security@anzen.com
Make every effort to avoid privacy violations, violation of licensing terms, degradation of user experience, disruption to production systems, and destruction of data during security testing.
Keep information about any vulnerabilities you’ve discovered confidential between yourself and Anzen for 90 days to allow for an opportunity to resolve the issue.