Security and Disclosure

If you become aware of any items such as operational or security failures, incidents, system problems, concerns, or have other complaints with the SYRG system, please contact the appropriate person at SYRG.

Data security is a top priority for SYRG, and SYRG believes that working with skilled security researchers can identify weaknesses in any technology. If you believe you’ve found a security vulnerability in SYRG’s service, please notify us; we will work with you to resolve the issue promptly.

SOC 2 Type 2

When enterprises move their most important data to the cloud, security is an essential consideration when using new software. The SOC 2 Type II certification provides assurance that a platform's security is held to an extremely high standard. The AICPA SOC 2 is specifically designed for guaranteeing secure practices in the handling of data within the cloud by SaaS companies. The Service Organization Control (SOC) 2 Type II certification is understood to be one of the most thorough examination of an organization's data-handling practices. It establishes that an expert team of third-party auditors have meticulously examined the data-handling process, and found it to be safe and secure.

Datacenter Security

At SYRG, we use a third-party, top-of-the-line datacenter that has earned multiple industry-recognized certifications.

Our hosting service is  compliant with numerous regulations, privacy standards, and frameworks, including HIPAA, HITECH, GLBA, the EU Data Protection Directive, EU-US Privacy Shield, FISMA, and many others.

Encrypted Transmission

All browser connections and communication is transmitted over SSL (TLS), ensuring data privacy and integrity. Our servers only support the highest level of encryption 256-bit cipher suites TLS 1.2 or TLS 1.3, protecting against unauthorized disclosure, modification, and replay attacks.

Encryption of Authentication and Session Data

All of our customer's authentication and session data is carefully encrypted, protecting your data in an unreadable state for all instances of transfer.

Penetration Testing

We work with prestigious third-party penetration professionals to make sure our software is secure.

We're committed to working with security experts across the globe to stay up to date with the latest security techniques. If you have discovered a security issue that you believe we should know about, we'd love to hear from you.



Disclosure Policy

If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at vulnerabilities@syrg.app. We will acknowledge your email within Five business days. Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within Five business days of disclosure.

Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the SYRG service. Please only interact with domains you own or for which you have explicit permission from the account holder.

Exclusions

While researching, we’d like you to refrain from:

     - Distributed Denial of Service (DDoS)Spamming
     - Social engineering or phishing of SYRG employees or contractors
     - Any attacks against SYRG’s physical property or data centers

Thank you for helping to keep SYRG and our users safe!

Changes

We may revise these guidelines from time to time. The most current version of the guidelines will be available at this page.

Contact

SYRG is always open to feedback, questions, and suggestions. If you would like to talk to us, please feel free to email us at:
     - vulnerabilities@syrg.app.
      - Incident reporting: incidents@syrg.app
      - Compliance questions: compliance@syrg.app
      - System problems or vulnerabilities, or to request SYRG’s Vulnerability Management Program: vulnerabilities@syrg.app
      - Billing questions:billing@syrg.app

Other questions, concerns, or suggestions about SYRG: support@syrg.app
In addition, please feel free to review the SYRG Responsible Disclosure Policy.

Responsibility

It is the IT team’s responsibility to see this policy is enforced. Last updated: 2019-1-30

Want to learn more?

Let's Talk
SYRG logo link to home page
Status
Privacy
Terms and Conditions
YouTube logoFacebook logoLinkedIn logoTwitter logo
English (US)