The inriver platform has data protection at its core, allowing our customers to focus on growing their business, not worrying about data security.
In the digital world, data is a foundational asset whether it’s related to your products, your customers, or your business. That’s why robust data security is such a fundamental requirement of an advanced PIM platform. To meet the evolving needs of our customers, inriver is committed to constantly evolving our platform to ensure your data is always protected against whatever tomorrow brings.
The inriver PIM platform has been SOC 2 Type II compliant since 2021.
SOC 2 (standing for Service and Organization Controls) is a security and compliance standard for service organizations developed by the American Institute of Certified Public Accountants (AICPA). The framework defines requirements to manage and store customer data and is developed around five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.
SOC 2 Type II compliance was established to help mitigate the ongoing security challenges organizations like inriver face. Unlike SOC 2 Type I compliance, which focuses on a point-in-time review, SOC 2 Type II reports on the effectiveness of a service organization’s controls over a defined period. Inriver received an unqualified report, indicating full compliance and no exceptions or advisory comments.
The inriver platform is part of the Microsoft Azure ecosystem, giving our customers the many benefits of this ecosystem:
The inriver PIM uses only limited personal data (i.e., name and email address) for unique login and roles/permissions assignment. To provide the inriver PIM service there is no need to store, process or transmit any sensitive personal data (such as Social Security Numbers, PCI data, etc.).
Yes. All data is encrypted at-rest and in-transit by default. The inriver PIM service is encrypted in-transit with at least TLS 1.2, and at-rest with at least AES 256, including redundant backups.
Yes. Inriver has a dedicated Security and Compliance team that is led by the CISO (Chief Information Security Officer).
Yes. Inriver is SOC 2 Type II compliant.
Yes. Our recent SOC 2 Type II report is available upon request via the Trust Center and requires the signing of a Non-Disclosure Agreement (NDA).
Yes. Inriver engages an independent third-party company to perform penetration testing on an annual basis. Vulnerability scans are performed on at least on a weekly basis.
Yes. The inriver PIM leverages Microsoft Azure native solutions for Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), and Security Information and Event Management (SIEM).
Inriver also uses a Managed Security Services Provider (MSSP) / Managed Detection and Response (MDR) company that provides 24/7 SOC (Security Operation Center) continuous security monitoring and threat remediation. For more information, read the inriver Trust Center datasheet.
Yes. There is a static code analysis tool in place that provides reports on vulnerabilities in the source code and as well as third-party (or open source) libraries. The tool also checks code quality and provides suggestions for improvements.
Users are authenticated via a basic username and password or SSO (Single Sign-On). For SSO, inriver supports SAML 2.0. This allows us to work with, for example, AD, Azure AD, Okta, and others.
Yes. inriver has a rigorous risk assessment process for evaluating and approving all subcontractors or third parties. For more information, visit the inriver Trust Center.
Schedule a personalized, guided demo with an inriver expert today to see how the inriver PIM can get more value from your product information.