Confidentiality and data security have been infused into Prialto’s service platform since the company’s founding in 2009. We have developed a comprehensive security infrastructure to ensure that client information is held in strict confidence, supported by stringent protocols and practices.

When developing and documenting client processes, we work closely with each account to jointly determine which data and systems will be handled by the Prialto team.

Prialto’s data security infrastructure segments physical, electronic, and human security to provide a comprehensive set of safeguards for client data. This process has been developed in conjunction with industry experts and is continuously reviewed and refined.

 

 Data Security and SOC 2 Compliance 

Prialto recognizes the importance of confidentiality and enterprise-level security to keep your data secure and meet your compliance requirements. We have infused a comprehensive security infrastructure into Prialto’s service platform to ensure that client information is held in strict confidence, supported by stringent protocols and practices. 

To highlight our commitment, Prialto is currently working toward SOC 2 compliance. SOC 2 is the main cybersecurity compliance framework (trust services criteria) developed to ensure that third-party service providers store and process client data in a secure manner.

The company has retained auditors and expects to achieve compliance during the summer of 2024. Prialto is using Drata to help automate the compliance journey, which will ultimately give customers dashboard visibility into its compliance status. The company uses Microsoft Intune/Defender for endpoint management and SumoLogic as its SIEM (security information and event management).

How we maintain our data security infrastructure

When developing and documenting client processes, we work closely with each account to jointly determine which data and systems will be handled by the Prialto team. Prialto’s data security infrastructure segments human, information, and physical security to provide a comprehensive set of safeguards for client data.

Human

Our human security systems include:

  • Background Checks: Prialto conducts criminal, credit, and employment background checks on all employees.
  • Security Policy: Prialto's security policy (available upon request) includes process guidelines, ethical (“Chinese”) walls, and a process for escalating any security issues immediately. Prialto reviews any incident immediately and reviews the policy as a whole on a quarterly basis.
  • Confidentiality Agreements: Each employee executes nondisclosure agreements directly with Prialto. 
  • Management: Prialto managers are trained to monitor and coach teammates on proper security procedures.
  • Ongoing Training: Prialto ensures each employee is sensitized to client security needs and trained in how to meet those needs. This includes phishing testing and training to provide real-world examples of how to identify threats.

Information

Our information security systems include:

  • Endpoint Management: Devices connected to Prialto and client networks are kept up to date with security software and hardware, including tight controls on files and data. Devices are monitored to detect and respond to threats, including ransomware and malware. 
  • Single Sign-On: Session and end-user authentication.
  • Password Management: Prialto has a secure password management infrastructure that secures all logins. Access is based on single sign-on to each employee’s primary account. 
  • Cloud Security: All core applications are industry-leading, cloud-based platforms based in US data centers with complete backup and redundancy.
  • IP Restrictions: Prialto leverages IP login restrictions to limit access to known IP addresses.

Physical Offices

Our physical security systems include:

  • Security Cards: Our team has secure key cards / ID cards to access the buildings and/or specific office space.
  • Security Guards/Alarms: All international locations have security alarms and guards appropriate to their environments.
  • Video Monitoring: Video monitoring is in place to provide an additional layer of security.
  • Biometrics: To verify employee identities.

Note: Many employees do work from home on a regular or hybrid basis. Data integrity is maintained with multi-factor authentication on all applications as well as additional security measures.

 
