Cognota

Website
https://cognota.com
Trust Center
https://trust.cognota.com

Compliance
Product Security
Data Security
Privacy
Incident Management & Response
Availability & Reliability
Organizational Security
Business Continuity
Threat Management
Subprocessors

Compliance
- GDPR
  Cognota complies with all post-Schrems II DPA requirements.
Product Security
- Audit Logs
  Every event in the stack generates an event log as data assets are processed and/or their state is modified. An audit log is kept for all major actions performed by users within the Cognota application. For each action, the audit log contains the user or service which performed the action, the process which generated the event log, and a time stamp synced to the logging service. Passwords are not logged. The audit log is only accessible to Cognota administrators via the available interface; no programmatic access is available, nor are internal processing logs shipped outside of the secure environment.
- SAML SSO
  Customers are encouraged to configure access into Cognota through an SSO via SAML 2.0 with their IdP.
Data Security
- Data Encrypted At-Rest
  All Customer Data and Confidential Information is encrypted at-rest using AES256, both in the application database and in the encrypted data backup process.
- Data Encrypted In-Transit
  All upstream and downstream data transfer between the user’s machine and the application servers and services is done over an encrypted connection denoted by the “https://” URL. The Cognota application encryption is based on a 2048-bit SSL certificate and 256-bit encryption with only TLS v1.2+ protocols allowed with the “MEDIUM” and “HIGH” class of cipher suites (anonymous DH ciphers disabled). If a user tries to visit a non-encrypted (“http://”) URL, they are redirected to the “https://” equivalent to force the encrypted connection at all times. Additionally, all internal processing flows between service components are encrypted using TLS v1.2+ transport.
- 1 more topic
Privacy
- Privacy Policy
- Data Retention Policy
  Customer Data is destroyed at the conclusion of the engagement. No Customer Data is retained after the end of the commercial relationship. All Customer Data is destroyed according the process described in the Cognota Customer Data Return & Destruction Policy.
- 2 more topics
Incident Management & Response
- Data Breach Notification
  Security incident notification are governed by the terms located in Section 6 of the Terms of Service, and under Exhibit 3 of the Data Processing Agreement.
  
  In event of a Security or Privacy breach incident, all Customers will be notified in writing within 24hrs of incident validation, and will receive regular reports as the incident is addressed and ultimately remediated.
- Incident Response Plan (IRP)
  A copy of Cognota's Incident Response policy document is available to all Customers under NDA.
Availability & Reliability
- Service Monitoring
  Cognota utilizes both internal and external monitoring solutions to check the health, responsiveness, and uptime of its processing environment. When monitoring agents identify an anomalous event, appropriate team members are notified and the response process activated via email, secure corporate chat, and SMS notifications.
Organizational Security
- Employee Background Checks
  Prior to onboarding, all personnel must successfully complete employment, education, and criminal background checks.
- Employee Security Training
  All Cognota personnel are required to undergo security awareness and security policy training annually, with consent and compliance recorded for audit and assurance purposes.
- 2 more topics
Business Continuity
- Business Continuity Plan
  The Cognota Business Continuity program covers corporate operations, work-from-home process, pandemic operating procedures, and customer support and success to ensure uninterrupted service to all Customers. The Cognota Business Continuity Policy is available for review to all Customers under current NDA.
- Disaster Recovery Plan
  The Cognota Disaster Recovery program covers production operational disruption, security incidents, privacy incidents, force majeure events, and material non-compliance events. The Cognota Disaster Recovery policy is available for review to all Customers under current NDA.
- 1 more topic
Threat Management
- Static Application Security Testing (SAST)
  Cognota utlizes the Veracode platform for code security, assurance, and FOSS compliance.
Subprocessors
- Sign up to view Cognota's Subprocessors

Unlimited access to the directory allows you to review and compare thousands of security postures sourced from around the web.

Cognota

.css-np5eqa{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;padding-left:var(--chakra-space-1);}Compliance

Product Security

Data Security

Privacy

Incident Management & Response

Availability & Reliability

Organizational Security

Business Continuity

Threat Management

.css-1qeb6l9{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;padding-left:0px;}Subprocessors

Compliance

Subprocessors