data security the whole organization can rely on

The inriver platform has data protection at its core, allowing our customers to focus on growing their business, not worrying about data security.


one secure platform for all your data management processes

In the digital world, data is a foundational asset whether it’s related to your products, your customers, or your business. That’s why robust data security is such a fundamental requirement of an advanced PIM platform. To meet the evolving needs of our customers, inriver is committed to constantly evolving our platform to ensure your data is always protected against whatever tomorrow brings.

inriver is SOC 2 Type II compliant

The inriver PIM platform has been SOC 2 Type II compliant since 2021.

SOC 2 (standing for Service and Organization Controls) is a security and compliance standard for service organizations developed by the American Institute of Certified Public Accountants (AICPA). The framework defines requirements to manage and store customer data and is developed around five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.

SOC 2 Type II compliance was established to help mitigate the ongoing security challenges organizations like inriver face. Unlike SOC 2 Type I compliance, which focuses on a point-in-time review, SOC 2 Type II reports on the effectiveness of a service organization’s controls over a defined period. Inriver received an unqualified report, indicating full compliance and no exceptions or advisory comments.


inriver is part of the Microsoft Azure ecosystem

The inriver platform is part of the Microsoft Azure ecosystem, giving our customers the many benefits of this ecosystem: 

  • The clear security and privacy requirements of a highly recognized industry leader
  • An extensive set of international and industry-specific compliance standards
  • The ability to build connectors that take advantage of other Azure services within an existing network, facilitated by Microsoft’s expansive development toolkit, advanced workloads, and core infrastructure

inriver data security: 10 frequently asked questions

which PII (Personally Identifiable Information), or other sensitive or confidential information, is required to provide the inriver PIM service? 

The inriver PIM uses only limited personal data (i.e., name and email address) for unique login and roles/permissions assignment. To provide the inriver PIM service there is no need to store, process or transmit any sensitive personal data (such as Social Security Numbers, PCI data, etc.).

is customer data encrypted in the inriver PIM? 

Yes. All data is encrypted at-rest and in-transit by default. The inriver PIM service is encrypted in-transit with at least TLS 1.2, and at-rest with at least AES 256, including redundant backups.  

does inriver have a dedicated information security leader or security team?  

Yes. Inriver has a dedicated Security and Compliance team that is led by the CISO (Chief Information Security Officer). 

do inriver’s information security and privacy policies align with industry standards (such as SOC 2, ISO-27001, NIST Cyber Security Framework, ISO-22307, CoBIT, etc.)?

Yes. Inriver is SOC 2 Type II compliant. 

does inriver provide SOC 2 reports or similar to customers?

Yes. Our recent SOC 2 Type II report is available upon request via the Trust Center and requires the signing of a Non-Disclosure Agreement (NDA).

does inriver perform penetration testing and vulnerability scanning?  

Yes. Inriver engages an independent third-party company to perform penetration testing on an annual basis. Vulnerability scans are performed on at least a weekly basis.

does inriver have solutions in place for logging, alerting, and responding to relevant security events? 

Yes. The inriver PIM leverages Microsoft Azure native solutions for Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), and Security Information and Event Management (SIEM).

Inriver also uses a Managed Security Services Provider (MSSP) / Managed Detection and Response (MDR) company that provides 24/7 SOC (Security Operation Center) continuous security monitoring and threat remediation. For more information, read the inriver Trust Center datasheet.

does inriver have a tool in place to monitor secure coding practices and to assess third-party (or open-source) libraries?

Yes. There is a static code analysis tool in place that provides reports on vulnerabilities in the source code as well as in third-party (or open-source) libraries. The tool also checks code quality and provides suggestions for improvements.

how are users authenticated in the inriver PIM?

Users are authenticated via a basic username and password or SSO (Single Sign-On). For SSO, inriver supports SAML 2.0. This allows us to work with, for example, AD, Azure AD, Okta, and others.

does inriver vet and manage subcontractors or third parties?  

Yes. inriver has a rigorous risk assessment process for evaluating and approving all subcontractors or third parties. For more information, visit the inriver Trust Center.
