
Cognota
- Website: https://cognota.com
- Trust Center: https://trust.cognota.com
- Compliance
- GDPR
Cognota complies with all post-Schrems II DPA requirements.
- Product Security
- Audit Logs
Every event in the stack generates an event log as data assets are processed and/or their state is modified. An audit log is kept for all major actions performed by users within the Cognota application. For each action, the audit log contains the user or service which performed the action, the process which generated the event log, and a time stamp synced to the logging service. Passwords are not logged. The audit log is only accessible to Cognota administrators via the available interface; no programmatic access is available, nor are internal processing logs shipped outside of the secure environment.
- SAML SSO
Customers are encouraged to configure access to Cognota through single sign-on (SSO) using SAML 2.0 with their identity provider (IdP).
- Data Security
- Data Encrypted At-Rest
All Customer Data and Confidential Information is encrypted at-rest using AES256, both in the application database and in the encrypted data backup process.
- Data Encrypted In-Transit
All upstream and downstream data transfer between the user’s machine and the application servers and services is done over an encrypted connection denoted by the “https://” URL. The Cognota application encryption is based on a 2048-bit SSL certificate and 256-bit encryption with only TLS v1.2+ protocols allowed with the “MEDIUM” and “HIGH” class of cipher suites (anonymous DH ciphers disabled). If a user tries to visit a non-encrypted (“http://”) URL, they are redirected to the “https://” equivalent to force the encrypted connection at all times. Additionally, all internal processing flows between service components are encrypted using TLS v1.2+ transport.
- Privacy
- Incident Management & Response
- Data Breach Notification
Security incident notifications are governed by the terms located in Section 6 of the Terms of Service and under Exhibit 3 of the Data Processing Agreement.
In the event of a security or privacy breach incident, all Customers will be notified in writing within 24 hours of incident validation, and will receive regular reports as the incident is addressed and ultimately remediated.
- Incident Response Plan (IRP)
A copy of Cognota's Incident Response policy document is available to all Customers under NDA.
- Availability & Reliability
- Service Monitoring
Cognota utilizes both internal and external monitoring solutions to check the health, responsiveness, and uptime of its processing environment. When monitoring agents identify an anomalous event, the appropriate team members are notified and the response process is activated via email, secure corporate chat, and SMS notifications.
- Organizational Security
- Employee Background Checks
Prior to onboarding, all personnel must successfully complete employment, education, and criminal background checks.
- Employee Security Training
All Cognota personnel are required to undergo security awareness and security policy training annually, with consent and compliance recorded for audit and assurance purposes.
- Business Continuity
- Business Continuity Plan
The Cognota Business Continuity program covers corporate operations, work-from-home process, pandemic operating procedures, and customer support and success to ensure uninterrupted service to all Customers. The Cognota Business Continuity Policy is available for review to all Customers under current NDA.
- Disaster Recovery Plan
The Cognota Disaster Recovery program covers production operational disruption, security incidents, privacy incidents, force majeure events, and material non-compliance events. The Cognota Disaster Recovery policy is available for review to all Customers under current NDA.
- Threat Management
- Static Application Security Testing (SAST)
Cognota utilizes the Veracode platform for code security, assurance, and FOSS compliance.
- Subprocessors