APIs & Security and SOC-2
API integration
Innovation Minds’ robust survey feature allows users to delve deep into their survey data through the Survey Lead option. Within the Insights section, users can access a comprehensive Report section designed to generate detailed reports from survey data. These reports are not only insightful but also versatile, providing valuable information that can drive decision-making and strategy formulation.
Drive collaboration and transparency to new heights with Innovation Minds’ cutting-edge report sharing functionality. Instantly generate a unique URL within the Insights section, streamlining access and distribution of detailed reports. Equip your team and stakeholders with the tools they need to make well-informed decisions and propel strategic initiatives forward with ease.
Innovation Minds facilitates seamless API integration, enabling users to expose the generated report URL for broader application. This integration empowers users to embed survey insights into various platforms and systems, enhancing the accessibility and utility of survey data across different tools and workflows. By leveraging API integration, organizations can streamline their processes, ensure data consistency, and maximize the impact of their survey insights.
Our external APIs enable seamless access to reports. Clients can easily integrate with our APIs to download and consume their data directly from our application. This integration ensures that reports are delivered efficiently and can be used across various platforms, providing flexibility and convenience in data management.
Network Security
Innovation Minds is dedicated to the highest standards of security for our data center and network infrastructure. We implement a comprehensive array of robust security protocols and practices to ensure the protection of your data. By employing advanced encryption technologies, continuous monitoring, and regular security audits, we safeguard the integrity of your information and maintain the uninterrupted availability of our services. Our commitment to security extends to every aspect of our operations, providing you with the confidence that your data is always protected with the utmost care and diligence.
Physical Security
Facilities
Innovation Minds’ applications are hosted by Amazon Web Services (AWS). AWS’s global data center infrastructure is designed to ensure the highest level of performance and availability. AWS engages with external certifying bodies and independent auditors to provide considerable information regarding policies, processes, and controls, resulting in certifications, audit reports, or attestations of compliance such as SOC 2, ISO 27001, and GDPR.
On-site Security
Our data center facilities feature a secured perimeter with multi-level security zones, 24/7 manned security, CCTV video surveillance, multi-factor authentication mechanisms for access control, and security breach alarms. Learn more about AWS’s Data Center Controls.
Monitoring
All Innovation Minds infrastructure, network systems, and devices are constantly monitored and logically administered by Innovation Minds staff. Physical security, power, and internet connectivity are monitored by the individual facility providers.
Location
Innovation Minds leverages AWS Regions within the United States, India, and the European Union.
Network Security
Security Team
Our Security Team is on call 24/7 to respond to security alerts and events.
Protection
Our network is protected by redundant networks, best-in-class router technology, secure HTTPS transport over public networks, and regular audits.
Architecture
Our network security architecture consists of multiple security zones. More sensitive systems, like database servers, are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls apply. DMZs are utilized between the Internet and internally between the different zones of trust.
Network Vulnerability Scanning
Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems.
Third-Party Penetration Tests
In addition to our extensive internal scanning and testing program, each year Innovation Minds employs independent third-party security experts to perform penetration testing across Innovation Minds’ Production Network.
Security Incident Event Management (SIEM)
Our Security Incident Event Management (SIEM) program monitors logs from important network devices and host systems and alerts on triggers that notify the Security team for investigation and response.
Anti-Malware
Innovation Minds uses industry-leading anti-malware solutions to protect against threats including malware, viruses, Trojans, and spyware. New anti-malware patterns and updates are applied frequently to ensure protection against the latest threats.
Data Loss Prevention
Innovation Minds has implemented data loss prevention tools that ensure control of USB and peripheral ports and detect and prevent potential data breaches and data exfiltration by monitoring, detecting, and blocking sensitive data in motion and at rest.
Threat Intelligence Program
Innovation Minds participates in several threat intelligence sharing programs. We monitor threats posted to these threat intelligence networks and act based on our risk and exposure.
Logical Access
Access to Innovation Minds networks is restricted on an explicit need-to-know basis, follows least privilege, and is frequently audited and monitored. Multi-factor authentication is required for accessing our production networks.
Security Incident Response
In case of a system alert, events are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.
Availability & Business Continuity
Uptime
Innovation Minds maintains an on-demand available system status webpage that includes system availability details, scheduled maintenance, service incident history, and relevant security events.
Redundancy
Innovation Minds employs service clustering and network redundancies to eliminate single points of failure. Our backup program ensures Service Data is actively replicated across primary and secondary systems and facilities.
Business Continuity/Disaster Recovery
Our Business Continuity (BC) and Disaster Recovery (DR) programs ensure that our services remain available or are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating Business Continuity and Disaster Recovery plans, and regularly scheduled testing.
Product & Service Security
Innovation Minds places a paramount emphasis on the security of our state-of-the-art data center and network infrastructure. Through rigorous implementation of robust security protocols and best practices, we are dedicated to safeguarding your valuable data. Our commitment ensures not only the integrity but also the uninterrupted availability of our services, providing you with peace of mind in every interaction.
Secure Development
Security Training: At least annually, engineers participate in secure code training covering OWASP Top 10 security flaws, common attack vectors, and Innovation Minds security controls.
Application Framework Security Controls: Innovation Minds utilizes a modern application framework and prepared statements for all queries to limit exposure to OWASP Top 10 Security flaws. These include inherent controls that reduce our exposure to Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and SQL Injection (SQLi), among others.
Quality Assurance: Our QA department reviews and tests our codebase. Application security engineers on staff identify, test, and triage security vulnerabilities in code.
Separate Environments
Our approach ensures that Development, Testing, and Staging environments are completely isolated, both physically and logically, from the Production environment. We strictly prohibit the use of client data in non-production environments, maintaining the highest standards of data security and confidentiality.
Application Vulnerabilities
Dynamic Vulnerability Scanning: We employ third-party, qualified security tools to continuously run dynamic scans of our application against the OWASP Top 10 security flaws. Application security engineers test and work with engineering teams to remediate any discovered issues.
Static Code Analysis: The source code repositories for our applications are continuously scanned for security issues via our integrated static analysis tools.
Security Penetration Testing: In addition to our extensive internal scanning and testing program, Innovation Minds employs third-party security experts annually to perform detailed application scans and penetration tests on our applications.
Authentication Security
Authentication Options
The Innovation Minds application offers login capabilities using your Innovation Minds username/password combination. To ensure robust security, we employ an industry-leading algorithm that hashes and salts all passwords securely. Additionally, users have the option to enable login via third-party social media platforms (Google, Twitter, and LinkedIn) for streamlined authentication.
Single Sign-on (SSO)
Single sign-on (SSO) through Security Assertion Markup Language (SAML) enables seamless user authentication within your systems, eliminating the need for users to enter separate login credentials to access our Innovation Minds application. Discover more about the benefits and implementation of SSO.
Configurable Password Policy
Innovation Minds provides default password rules as well as the ability to set custom password complexity rules.
Secure Credential Storage
Innovation Minds follows secure credential storage best practices by never storing passwords in human-readable format, storing them only as the result of a secure, salted, one-way hash.
API Security & Authentication
Before users can access Innovation Minds data through your app, they must first authenticate and authorize against Innovation Minds. Once completed, your app will have the permissions and the resource to make API requests for data on behalf of the users. You must use the OAuth 2.0 standard to interact with the Innovation Minds Authentication page. Learn more about Innovation Minds API.
Additional Product Security Features
Access Privileges & Roles
Access to data within Innovation Minds’ applications is governed by access rights and can be configured to define granular access privileges. Innovation Minds has various permission levels for users. Learn more about Roles.
IP Restrictions
Innovation Minds’ applications can be configured to only allow access from specific IP address ranges you define. Learn more about IP Restriction.
Transmissions Security
All communications with Innovation Minds servers are encrypted using industry-standard HTTPS over public networks. This ensures that all traffic between you and Innovation Minds is secure during transit. Additionally, for email, our product supports Transport Layer Security (TLS), a protocol that encrypts and delivers email securely, mitigating eavesdropping and spoofing between mail servers.
Certifications, Memberships & Privacy
SOC 2 Type II Audit
Innovation Minds has completed the first AICPA SOC 2 Type II audit as of May 1, 2024; the recertification happens every year. Check out more details at Sprinto.
Cloud Security Alliance (CSA) STAR Self-Assessment
Innovation Minds has registered for Cloud Security Alliance STAR Self-Assessment Level 1. The STAR registry documents our security and privacy controls. Request our completed Consensus Assessments Initiative Questionnaire (CAIQ).
US-EU Privacy Shield and US-Swiss Privacy Shield
Innovation Minds has certified with the US-EU Privacy Shield and the US-Swiss Privacy Shield programs set forth by the United States Department of Commerce.
Privacy Policy
Learn more about privacy at Innovation Minds by reviewing our Privacy Policy.
Security Awareness
Policies
Innovation Minds has developed a comprehensive set of security policies covering a range of topics. These policies are shared with and made available to all employees and contractors with access to Innovation Minds information assets.
Training
All new employees attend Security Awareness Training, which is given upon hire and annually thereafter. All engineers receive annual Secure Development Training. Additional security awareness updates are provided via email, blog posts, and in presentations during internal events.
Employee Security
Background Checks
Innovation Minds performs background checks on all new employees and contractors in accordance with local laws. The background check includes criminal, education, and employment verification.
Confidentiality Agreements
All new hires are screened through the hiring process and required to sign Non-Disclosure and Confidentiality agreements.