Security & Compliance

To ensure the requirements of customers and regulators are met, Retail Insights completes multiple audits, assessments and compliance requirements—including rigorous third-party network and system penetration tests.

Why SOC 2 Type II Compliance Matters

SOC 2 is a technical audit that requires companies to establish and follow strict information security policies and procedures. 

A SOC 2 Type II compliant service must follow these five “trust service principles” when managing customer data:

Security

System resources must be protected from unauthorized access or improper disclosure of information. To secure access, organizations can implement security tools such as two-factor authentication, web application firewalls (WAFs), Cloud VPNs and Software-Defined Perimeters (SDPs).

Confidentiality

Confidential data must be hidden from unauthorized persons or organizations. Network and application firewalls along with access controls are essential for safeguarding sensitive data. Additionally, encryption can be used to protect confidentiality during transmission.

Availability

Accessibility of the system is determined by a contract or service level agreement (SLA). While this doesn’t apply to system functionality, it does require network performance to be monitored, including security incidents, site failover and other security-related issues that may affect availability.

Privacy

Organizations must meet privacy standards that address the collection, use, retention, disclosure and disposal of personal information in accordance with the AICPA’s Generally Accepted Privacy Principles (GAPP).

Processing Integrity

To achieve processing integrity, the system must provide efficient data processing by delivering complete and valid information to the right place at the right time. By monitoring data and implementing quality assurance, organizations can begin to ensure processing integrity.

Some of the things we do to protect your data:

Enterprise Cybersecurity Program

Retail Insights’ cybersecurity program includes, but is not limited to, the following:

  • Installation and updates of anti-malicious software on all devices and systems

  • Multi-factor authentication for all software applications and systems

  • VPN protection for all systems and data

  • Procedures for workforce members to report suspected or confirmed malware

  • Plans for recovering from cyberattacks in accordance with our Disaster Recovery Plan

  • Software that examines electronic mail attachments and downloads before they can be used on internal devices and systems

  • Annual penetration testing and quarterly vulnerability testing for all networks, servers and software

  • Real time monitoring that includes 24 / 7 / 365 server, network and endpoint detection and response monitoring to prevent, detect and mitigate cyberattacks.

Cybersecurity Training and Awareness

According to the FBI, phishing was the most common type of cybercrime in 2020, with more than 11 times as many phishing complaints in 2020 as compared to 2016. 74% of organizations in the US experienced a successful phishing attack in 2020. To mitigate the risk of malware or ransomware gaining access to the Retail Insights IT environment, Retail Insights provides training and awareness to its workforce members on how to detect malicious software.

Quarterly awareness training for workforce members includes the following topics:

  • how to identify phishing emails

  • how to report potentially dangerous software

  • how to discover malicious software fraud

  • how to handle email attachments that may contain malware or ransomware

  • how to use anti-virus software appropriately

Security Reporting and Response 

All workforce members undergo training in Incident Response and Reporting procedures. Workforce members are trained on the appropriate response if they observe or suspect any type of suspicious, abnormal, or unauthorized activity that threatens the confidentiality, integrity, or availability of our information, or any activity that compromises, or is likely to compromise, customer or employee personal information (especially Sensitive Information), whether through unauthorized disclosure, access, or destruction.

External Testing of Security Controls

To ensure that the governance of Retail Insights’ cybersecurity controls program is consistently performing optimally, each year Retail Insights reviews the effectiveness of its controls over security, availability, processing integrity, confidentiality, and privacy via SOC reports based on the principles in the American Institute of Certified Public Accountants (AICPA) TSP Section 100, Trust Services Principles for Security, Availability, Processing Integrity, Confidentiality, and Privacy.

Retail Insights’ SOC 2 Type II report is current as of July 11, 2022 and is available to current and prospective customers upon request and under NDA.
