Select Page
< All Topics
Print

APIs & Security and SOC-2

API integration

Innovation Minds’ robust survey feature allows users to delve deep into their survey data through the Survey Lead option. Within the Insights section, users can access a comprehensive Report section designed to generate detailed reports from survey data. These reports are not only insightful but also versatile, providing valuable information that can drive decision-making and strategy formulation.

Drive collaboration and transparency to new heights with Innovation Minds’ cutting-edge report sharing functionality. Instantly generate a unique URL within the Insights section, streamlining access and distribution of detailed reports. Equip your team and stakeholders with the tools they need to make well-informed decisions and propel strategic initiatives forward with ease.

Innovation Minds facilitates seamless API integration, enabling users to expose the generated report URL for broader application. This integration empowers users to embed survey insights into various platforms and systems, enhancing the accessibility and utility of survey data across different tools and workflows. By leveraging API integration, organizations can streamline their processes, ensure data consistency, and maximize the impact of their survey insights.

Our external APIs enable seamless access to reports. Clients can easily integrate with our APIs to download and consume their data directly from our application. This integration ensures that reports are delivered efficiently and can be used across various platforms, providing flexibility and convenience in data management

Network Security

Innovation Minds is dedicated to the highest standards of security for our data center and network infrastructure. We implement a comprehensive array of robust security protocols and practices to ensure the protection of your data. By employing advanced encryption technologies, continuous monitoring, and regular security audits, we safeguard the integrity of your information and maintain the uninterrupted availability of our services. Our commitment to security extends to every aspect of our operations, providing you with the confidence that your data is always protected with the utmost care and diligence.

 

Physical Security

Facilities

Innovation Minds’ applications are hosted by Amazon Web Services (AWS). AWS’s global data center infrastructure is designed to ensure the highest level of performance and availability. AWS engages with external certifying bodies and independent auditors to provide considerable information regarding policies, processes, and controls, resulting in certifications, audit reports, or attestations of compliance such as SOC 2, ISO 27001, and GDPR.

On-site Security

Our data center facilities feature a secured perimeter with multi-level security zones, 24/7 manned security, CCTV video surveillance, multi-factor authentication mechanisms for access control, and security breach alarms. Learn more about AWS’s Data Center Controls.

Monitoring

All Innovation Minds infrastructure, network systems, and devices are constantly monitored and logically administered by Innovation Minds staff. Physical security, power, and internet connectivity are monitored by the individual facility providers.

Location

Innovation Minds leverages AWS Regions within the United States, India, and the European Union.

 

Network Security

Security Team

Our Security Team is on call 24/7 to respond to security alerts and events.

Protection

Our network is protected by redundant networks, best-in-class router technology, secure HTTPS transport over public networks, and regular audits.

Architecture

Our network security architecture consists of multiple security zones. More sensitive systems, like database servers, are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls apply. DMZs are utilized between the Internet and internally between the different zones of trust.

Network Vulnerability Scanning

Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems.

Third-Party Penetration Tests

In addition to our extensive internal scanning and testing program, each year Innovation Minds employs independent third-party security experts to perform penetration testing across Innovation Minds’ Production Network.

Security Incident Event Management (SIEM)

Our Security Incident Event Management (SIEM) program monitors logs from important network devices and host systems and alerts on triggers that notify the Security team for investigation and response.

Anti-Malware

Innovation Minds uses industry-leading anti-malware solutions to protect against threats including malware, viruses, Trojans, and spyware. New anti-malware patterns and updates are applied frequently to ensure protection against the latest threats.

Data Loss Prevention

Innovation Minds has implemented data loss prevention tools that ensure control of USB and peripheral ports and detect and prevent potential data breaches and data ex-filtration by monitoring, detecting, and blocking sensitive data in motion and at rest.

Threat Intelligence Program

Innovation Minds participates in several threat intelligence sharing programs. We monitor threats posted to these threat intelligence networks and act based on our risk and exposure.

Logical Access

Access to Innovation Minds networks is restricted by an explicit need-to-know basis, utilizes least privilege, and is frequently audited and monitored. Multi-factor authentication is required for accessing our production networks.

Security Incident Response

In case of a system alert, events are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.

 

Availability & Business Continuity

Uptime

Innovation Minds maintains an on-demand available system status webpage that includes system availability details, scheduled maintenance, service incident history, and relevant security events.

Redundancy

Innovation Minds employs service clustering and network redundancies to eliminate single points of failure. Our backup program ensures Service Data is actively replicated across primary and secondary systems and facilities.

Business Continuity/Disaster Recovery

Our Business Continuity (BC) and Disaster Recovery (DR) programs ensure that our services remain available or are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating Business Continuity and Disaster Recovery plans, and regularly scheduled testing.

Product & Service Security

Innovation Minds places a paramount emphasis on the security of our state-of-the-art data center and network infrastructure. Through rigorous implementation of robust security protocols and best practices, we are dedicated to safeguarding your valuable data. Our commitment ensures not only the integrity but also the uninterrupted availability of our services, providing you with peace of mind in every interaction.

 

Secure Development

Security Training: At least annually, engineers participate in secure code training covering OWASP Top 10 security flaws, common attack vectors, and Innovation Minds security controls.

Application Framework Security Controls: Innovation Minds utilizes a modern application framework and prepared statements for all queries to limit exposure to OWASP Top 10 Security flaws. These include inherent controls that reduce our exposure to Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and SQL Injection (SQLi), among others.

Quality Assurance: Our QA department reviews and tests our codebase. Application security engineers on staff identify, test, and triage security vulnerabilities in code.

Separate Environments

Our approach ensures that Development, Testing, and Staging environments are completely isolated, both physically and logically, from the Production environment. We strictly prohibit the use of client data in non-production environments, maintaining the highest standards of data security and confidentiality.

Application Vulnerabilities

Dynamic Vulnerability Scanning: We employ third-party, qualified security tools to continuously dynamically scan our application against the OWASP Top 10 security flaws. Application security engineers test and work with engineering teams to remediate any discovered issues.

Static Code Analysis: The source code repositories for our applications are continuously scanned for security issues via our integrated static analysis tools.

Security Penetration Testing: In addition to our extensive internal scanning and testing program, Innovation Minds employs third-party security experts annually to perform detailed application scans and penetration tests on our applications.

 

Authentication Security

Authentication Options

The Innovation Minds application offers login capabilities using your Innovation Minds username/password combination. To ensure robust security, we employ an industry-leading algorithm that hashes and salts all passwords securely. Additionally, users have the option to enable login via third-party social media platforms (Google, Twitter, and LinkedIn) for streamlined authentication.

Single Sign-on (SSO)

Single sign-on (SSO) enables seamless user authentication within your systems, eliminating the need for users to enter separate login credentials for accessing our Innovation Minds application through Security Assertion Markup Language (SAML). Discover more about the benefits and implementation of SSO.

Configurable Password Policy

Innovation Minds provides default password rules as well as the ability to set custom password complexity rules.

Secure Credential Storage

Innovation Minds follows secure credential storage best practices by never storing passwords in human-readable format, and only as the result of a secure, salted, one-way hash.

API Security & Authentication

Before users can access Innovation Minds data through your app, they must first authenticate and authorize against Innovation Minds. Once completed, your app will have the permissions and the resource to make API requests for data on behalf of the users. You must use the OAuth 2.0 standard to interact with the Innovation Minds Authentication page. Learn more about Innovation Minds API.

 

Additional Product Security Features

Access Privileges & Roles

Access to data within Innovation Minds’ applications is governed by access rights and can be configured to define granular access privileges. Innovation Minds has various permission levels for users. Learn more about Roles.

IP Restrictions

Innovation Minds’ applications can be configured to only allow access from specific IP address ranges you define. Learn more about IP Restriction.

Transmissions Security

All communications with Innovation Minds servers are encrypted using industry-standard HTTPS over public networks. This ensures that all traffic between you and Innovation Minds is secure during transit. Additionally, for email, our product supports Transport Layer Security (TLS), a protocol that encrypts and delivers email securely, mitigating eavesdropping and spoofing between mail servers.

 

Certifications, Memberships & Privacy

SOC 2 Type II Audit

Innovation Minds has completed the first AICPA SOC 2 Type II audit as of May 1, 2024, the recertification happens every year. Check out more details at Sprinto.

Cloud Security Alliance (CSA) STAR Self-Assessment

Innovation Minds has registered for Cloud Security Alliance STAR Self-Assessment Level 1. The STAR registry documents our security and privacy controls. Request our completed Consensus Assessments Initiative Questionnaire (CAIQ).

US-EU Privacy Shield and US-Swiss Privacy Shield

Innovation Minds has certified with the US-EU Privacy Shield and the US-Swiss Privacy Shield programs set forth by the United States Department of Commerce.

Privacy Policy

Learn more about privacy at Innovation Minds by reviewing our Privacy Policy.

 

Security Awareness

Policies

Innovation Minds has developed a comprehensive set of security policies covering a range of topics. These policies are shared with and made available to all employees and contractors with access to Innovation Minds information assets.

Training

All new employees attend Security Awareness Training, which is given upon hire and annually thereafter. All engineers receive annual Secure Development Training. Additional security awareness updates are provided via email, blog posts, and in presentations during internal events.

 

Employee Security

Background Checks

Innovation Minds performs background checks on all new employees and contractors in accordance with local laws. The background check includes criminal, education, and employment verification.

Confidentiality Agreements

All new hires are screened through the hiring process and required to sign Non-Disclosure and Confidentiality agreements.