HEARSAY SECURITY

Ensuring your data is always protected

At Hearsay, we understand how critical your operational and client data is to your firm. Our security mechanisms are designed to protect every aspect of the physical, network and application components of our platform to keep your data secure. Our customers can rest assured that they can build superior customer experiences on a strong foundation of trust.

Application Security
Hearsay’s software development practices are managed in accordance with established industry standards, such as NIST and CIS, for quality and security. All of our developers are trained in the common security issues in the OWASP Top 10 and apply this training in the course of their design, development, review, and testing efforts.
Onboarding
Hearsay provides easy controls for technology teams to manage deployment and user access across our applications. We easily integrate with your existing single sign-on (SSO) systems through SAML2 rather than creating another place for users to have to remember passwords.
Storage
All data is stored in the cloud and is encrypted in transit and at rest. Deployed encryption keys use industry-standard encryption algorithms such as AES256. All private keys and secured secrets are stored separately via AWS Key Management Service, which uses FIPS 140-2 compliant hardware security modules.

Security Compliance

Hearsay is committed to mitigating risk and ensuring our services meet all regulatory and security compliance requirements in all of the industries and locales in which we operate. We work with industry bodies such as FINRA to influence and proactively maintain cybersecurity and compliance best practices for our clients.

Data Security

Securing the data we transmit and store is a top priority for Hearsay. All data is encrypted in transit using a minimum version of TLS 1.2, and at rest with AES 256. We utilize role-based access control (RBAC) to ensure that only those who should have access to data can access it, and all actions are logged.

Business Continuity & Availability

HIGH AVAILABILITY
Resiliency within the Hearsay production environment is the ability to prevent and effectively respond to disruptions, system failures or threats impacting critical services, to continue meeting the company’s business obligations. Systems are constantly evaluated to both check and improve the resilience and key functions of the platform.

All services have resiliency built in, from high availability of the core systems through to the use of multiple availability zones with Amazon Cloud to manage any lengthy outage.
The engineering team monitors the platform on a real-time basis via automation for performance and system-related issues. Monitoring tools are deployed to perform health checks; production thresholds have been configured on systems; and all access into the production environment is logged. The engineering team uses several monitoring tools that identify and provide alerts based on factors such as response times, application stability, and overall resource utilization.
DATA BACKUPS & RECOVERY
Backup snapshots of all raw or parsed customer data are performed at regular intervals and stored offsite in a different AWS region. Replication outside of the production environment prevents accidental or malicious deletion in the event of a compromise. Backups are tested monthly to ensure restoring the data works as expected.

Continuous Monitoring & Testing

Penetration Testing

Hearsay engages qualified external third parties annually to perform penetration testing of its cloud and application environment. The third-party vendor’s approach begins with a vulnerability analysis of the target system to determine what vulnerabilities exist, for example by simulating a disgruntled or disaffected insider or an attacker who has obtained internal access to the network. Once vulnerabilities are identified, the third-party vendor attempts to exploit them to determine whether unauthorized access or other malicious activity is possible.

Event Management

Hearsay collects all security event data within its cloud and application environments, then correlates and monitors it on a real-time basis. This allows Hearsay to quickly react to the detection of any unusual patterns that might indicate a malicious attempt to compromise its environment.

People Security

Background Checks

All offers of employment at Hearsay Systems are contingent upon clear results of a thorough background check. For domestic candidates, these checks include SSN verification, criminal history check (county, national, and public records), prior employment verification, personal and professional references, and education verification. For international new hires, the background check includes (where legal) international criminal search and education verification.