Leadership Connect maintains its reputation for providing accurate and trustworthy information through a variety of means, including a comprehensive information security management framework supported by a wide range of security policies, standards and practices. This is a summary of Leadership Connect’s approach to information security and data privacy. It is designed to answer questions our customers regularly ask to satisfy security requirements.
Leadership Connect has been audited by a third-party organization under the AICPA SOC 2 Type 2 security compliance standard. The audit covered application security controls and the operational control systems that follow the predefined trust services principles and criteria.
Leadership Connect Service
Leadership Connect is a people intelligence solution that empowers individuals and organizations to create valuable relationships. Our clients value first-class intelligence and use Leadership Connect to:
- Identify and understand who the decision-makers are and how to best connect.
- Expand existing relationships by knowing who the decision-makers are and the people they maintain relationships with—professionally and personally.
- Develop meaningful relationships across public and private entities.
- Monitor the organizations, people and positions that matter.
- Save time, money and valuable resources.
Physical and Environmental Security
Leadership Connect is hosted in Amazon Web Services (AWS) secure data centers that maintain a sophisticated set of physical and environmental security controls, including:
- Restricted and controlled physical access.
- Professional security staff.
- Video surveillance.
- Intrusion detection systems.
- Authorized staff must pass two-factor authentication a minimum of two times to reach data center floors.
- See the AWS Security Whitepaper for more details: https://docs.aws.amazon.com/pdfs/whitepapers/latest/introduction-aws-security/introduction-aws-security.pdf
Policies and Standards
- Information Security Policies and Standards are reviewed and approved by senior management annually.
- Employees are required to review and accept all published Security Program Policies and Standards.
Access Control
- Leadership Connect restricts employee access to production systems and customer stored data by limiting access to those with a specific business need.
- Customer stored data is encrypted at rest and is only accessible with valid customer credentials.
- Role-based access controls ensure appropriate access rights, permissions, and segregation of duties.
Resilience
- Leadership Connect has established a sophisticated framework based on industry-accepted standards, designed to support recovery should a disruptive incident occur.
- AWS data centers are built with electrical power systems designed to be fully redundant and maintainable without impact to operations and include automatic fire detection and suppression. AWS monitors electrical, mechanical, and life support systems and equipment so that any issues are immediately identified.
- The Leadership Connect Service is deployed to an AWS region consisting of multiple Availability Zones. Each Availability Zone is designed as an independent failure zone. Data is replicated between the different Availability Zones for high availability.
- Data servers are continuously backed up.
Training & Awareness
Employees and contractors with access to Leadership Connect’s systems are required to complete security awareness training annually.
Vulnerability Monitoring
- Leadership Connect utilizes an external penetration testing service to test the entire Service at least weekly.
- The entire Service is continuously scanned by industry standard third-party security tools.
Application Security
- Leadership Connect has a formal change management process that is performed by authorized personnel.
- Leadership Connect utilizes secure practices within the agile methodology as part of the Software Development Life Cycle.
- Development staff are required to complete security training, with a focus on best practices and OWASP Top 10 security risks. The security program promotes secure design, development, and testing best practices.
- Leadership Connect system engineers are staffed 24/7/365 to ensure the security and availability of the Service.
Device Security
Servers and Systems
Leadership Connect’s security professionals have implemented advanced anti-malware and network intrusion detection and prevention (IDS/IPS) solutions across our fleet of devices to monitor and defend the environment.
Employee Workstations and Devices
Managed internal service endpoints at Leadership Connect are protected by a sophisticated malware protection solution. Signature updates are deployed to internal technology assets at least daily.
Data Privacy
- The Leadership Connect Privacy Policy is available at: https://www-leadershipconnect-io.fls.idm.oclc.org/privacy-portal/
- Leadership Connect data is stored exclusively in the United States.
Secure Authentication
- Two-factor authentication is required for all employee access to Leadership Connect’s systems and devices.
- Passwordless and delegated single sign-on (SSO) authentication are available for access to the Service.
- Data is always transferred via SSL2 encrypted connections.
Encryption
- All data in transit is encrypted using 2048-bit TLS certificates.
- Customer data at rest is encrypted using AES with 256-bit keys.
- Customer data is segregated by unique customer-specific encryption keys.
Cloud Security
- JupiterOne is our Cyber Asset Attack Surface Management (CAASM) solution, which our security teams use to monitor and manage all assets in a single unified view.
- Amazon GuardDuty continuously monitors for malicious or unauthorized behavior.
- Amazon Inspector provides an automated security assessment for vulnerabilities or deviations from best practices.
- Network traffic is secured and isolated through the use of AWS Virtual Private Clouds (VPCs), public/private subnets, Network Access Control Lists (NACLs), and security groups.
- AWS Web Application Firewall (WAF) helps protect against common web exploits.
- Logging, monitoring, and alerting are implemented to assist in the detection of unauthorized use and produce an audit trail.