
Experience.com Trust Page

Security compliance is a cornerstone of our comprehensive security strategy at Experience.com. Trust is the foundation of any successful business partnership, and we are committed to earning and maintaining it. Compliance with security regulations and industry-standard frameworks is more than a formality: Experience.com has attained SOC 2 Type II and ISO 27001:2022 certifications and complies with HIPAA, CCPA, and GDPR. We build trust with our clients by providing clear evidence that our security practices align with industry best practices and regulatory requirements.

Compliance & Regulations

Compliance

ISO 27001:2022
SOC 2 Type II
CCPA

Regulations

GDPR
HIPAA

Standards

ADA/WCAG

Frameworks

NIST 800-53 R5
NIST CSF 2.0
CIS Benchmarks
MITRE ATT&CK
CAN-SPAM

Management-Approved Policies

Customer Support

Our customers can reach us through multiple channels:

Security Documents

Compliance Documents

Workstation Security

Mobile Device Management: Centrally managed, CIS Benchmark compliant.
Disk Encryption: FileVault 2 on all Mac workstations.
Anti-Malware Protection: Next-generation EDR/antivirus protection.
Remote Access: Secure VPN with MFA.
24/7 Support: Dedicated IT/network team.
Security Checklist: Pre-deployment verification.
Asset Inventory: Dynamic, real-time updates.
Vulnerability Management: Weekly scans and remediation.

Corporate Security

Network Protection: Firewall with IPS, DDoS protection, content filtering.
Physical Security: Biometric access controls, CCTV surveillance.
Audits & Scans: Monthly audits, bi-weekly vulnerability scans.
Security Awareness Program: Mandatory training and ongoing education for employees.
Employee Background Checks: Thorough screening for all employees.
Incident Response: NIST-aligned program with a dedicated CSIRT.
GRC: Committee for aligning IT with business goals and managing risk.
Vendor Management: Due diligence on service providers, annual re-evaluation.

Application Security

DAST & SAST: Dynamic and static application security testing.
Secure Coding Practices: OWASP guidelines and regular developer training.
External VAPT: Quarterly external vulnerability assessment and penetration testing.
WAF: Web application firewall to filter malicious traffic.
SIEM: Cloud-native security monitoring and alerting.
Red Team Activities: Simulated attacks to test and improve defenses.
Bug Bounty Program: Publicly disclosed program for responsible vulnerability reporting.

Data Security

Access Controls: Role-based, least privilege, and separation of duties.
Encryption: Industry-grade encryption for data at rest and in transit.
Data Retention: Compliant with CCPA/CPRA, HIPAA, GDPR and SOC 2 Type II.
Data Availability & DR: Backups, hot DR site, and redundant AWS infrastructure for high availability.

Requesting Our Policies and Reports

You may submit a request from any business email address. Please send requests to sales@experience.com.


We collaborate with third-party vendors to enhance our services:

Amazon Web Services: Infrastructure as a Service
Sendgrid: Email delivery
Twilio: SMS and email messaging
Atlassian: Atlassian software suite
Salesforce: Customer service management
NewRelic: Monitoring systems
SumoLogic: Security information and event management
Deloitte: Cybersecurity assessment provider

Have a security concern?

The Experience.com Security Team is here to assist you with any issues or security-related concerns. Reach out to us at security@experience.com.

© 2015 - 2024 Experience.com, created by BuyersRoad, Inc. All rights reserved.