HEARSAY SECURITY

Ensuring your data is always protected

At Hearsay, we understand how critical your operational and client data is to your firm. Our security mechanisms are designed to protect every aspect of the physical, network and application components of our platform to keep your data secure. Our customers can rest assured knowing they can build superior customer experiences on a strong foundation of trust.

Application Security
Hearsay’s software development practices are managed in accordance with established industry standards, including NIST and CIS, for quality and security. All of our developers are trained on common security issues detailed in the OWASP top 10.
Onboarding
Hearsay provides easy controls for technology teams to manage deployment and user access across our applications. We easily integrate with your existing single sign-on (SSO) systems through SAML2 rather than creating another place for users to have to remember passwords.
Storage
All data is stored in the cloud and is encrypted in transit and at rest. Deployed encryption keys use industry-standard encryption algorithms such as AES256. All private keys and secured secrets are stored separately via AWS Key Management Service, which uses FIPS 140-2 compliant hardware security modules.

Security Compliance

Hearsay is committed to mitigating risk and ensuring our services meet all regulatory and security compliance requirements in all of the industries and locales in which we operate. We work with industry bodies such as FINRA to influence and proactively maintain cybersecurity and compliance best practices for our clients.

Data Security

Securing the data we transmit and store is a top priority for Hearsay. All data is encrypted in transit using a minimum version of TLS 1.2, and at rest with AES 256. We utilize role-based access control (RBAC) to ensure that only those who should have access to data can access it, and all actions are logged.

Business Continuity & Availability

HIGH AVAILABILITY
Prioritizing resiliency within the Hearsay production environment allows us to prevent and effectively respond to disruptions, system failures, or threats that have the potential to impact critical services. To ensure that your firm is always poised to meet business obligations, we constantly evaluate, verify, and improve the resilience and key functions of our platform.

All of Hearsay’s services are designed to be resilient. Not only do our core systems have high availability; we also have a strong contingency plan in place. By utilizing multiple availability zones with Amazon Cloud, we can manage a lengthy outage.
Additionally, all access to the production environment is logged, and all systems have fully configured production thresholds.

Our engineering team also performs regular health checks to identify any performance or system issues. We use automated monitoring tools to keep a close eye on response times, application stability, and overall resource utilization.

DATA BACKUPS & RECOVERY
Backup snapshots of all raw or parsed customer data are performed at regular intervals and stored offsite in a different AWS region. Replication outside of the production environment prevents accidental or malicious deletion in the event of a compromise. Backups are tested monthly to ensure restoring the data works as expected.

Continuous Monitoring & Testing

Penetration Testing

Every year, Hearsay engages external qualified third parties to perform penetration testing of its cloud and application environment. Testing begins with a vulnerability analysis of the target system to determine what potential risks exist (for example, simulating a disgruntled insider or an attacker who obtained internal network access).

Once vulnerabilities are identified, the vendor attempts to exploit them and determine whether unauthorized access or other malicious activity is possible.

Event Management

We collect, correlate, and monitor all security event data within our cloud and application environments on a real-time basis. This allows Hearsay to react quickly to the detection of any unusual patterns that might indicate a malicious attempt to compromise our environment.

People Security

Background Checks

All offers of employment at Hearsay Systems are contingent upon clear results of a thorough background check. For domestic candidates, these checks include SSN verification, criminal history check (county, national, and public records), prior employment verification, personal and professional references, and education verification. For international new hires, the background check includes (where legal) international criminal search and education verification.