Trust Center

Security is built into everything we do. 

Consensus is focused on delivering products with an infrastructure that is secure, reliable and scalable. We take great pride in maintaining our customers’ trust through transparency and constantly exceeding their expectations. Here you can find an overview of our security practices.  

TrustCenter_Hero_Banner.JPG

We implement a variety of safeguards to ensure your data is secured and our applications and infrastructure meet highest compliance requirements.

 

 

Application Security Icon.JPG

Application Security

Consensus uses best of breed application security best practices, which include:

  • Regular static and dynamic code analysis with internal SLA for full resolution of vulnerabilities before release

  • Application penetration tests and ongoing internal audits

  • Enterprise SSO, ADFS, SAML v2 and granular access model support

  • Regular security training for developers focused on OWASP

  • Proven and well supported application frameworks


Infrastructure Security.

Consensus products are secure by design. Some highlights of our secure infrastructure architecture include:

  • Hosted on a top-tier cloud hosting solution, which has extensive controls and whose compliance with PCI, ISO27002 is regularly reviewed for alignment with our customers’ needs

  • Architected with multiple layers of isolation for each product application, 24/7 monitoring and alerting

  • 99.99% availability

  • Specific security zones by application

  • Continuous hardening and patching

  • State of the art intrusion prevention and detection system

  • Content distribution network to speed up access across global regions

Infrastructure Security Icon.JPG

Process Security Icon.JPG

Administrative Security. Take Control

To ensure configurations are defined and enforced effectively we have implemented all administrative policies and audit them regularly: 

  • Adherence to best practices from NIST, ISO 27001/2 framework

  • Security Standard Configuration Policy

  • Two-factor authentication for all administrative access

  • Least privileged model across all infrastructure & application components

  • Strictly restricted access to customer data for specified authorized personnel based on need

  • Incident Response Policy including a dedicated Security Operations Center team

  • Annual information security training for all full-time personnel

  • Regular audit of system access


 

Want more info on our security practices?  Sign up below and we'll get back to you within 48 hours.