WORRIED ABOUT SECURITY? YOU SHOULD BE.
If you’re outsourcing software development, security should be a significant point of discussion with your vendor. Even if you don’t work with us, this is still a good checklist to ensure you ask the right questions and get the right answers from your vendor.
Integrant’s IP/code security program is designed to meet the data security, data privacy, and regulatory needs of enterprise-class clients in myriad industries including those that are highly regulated, such as finance and healthcare. Our approach is comprehensive and encompasses employees, certifications and audits, country-specific IP law, infrastructure and facilities, internal IT, and finally, client-Integrant connectivity.
All Integrant staff are employees, not freelancers. All employees must pass a background/security check and drug screening as a condition of employment.
We pursue applicant references aggressively and the results of those references, especially where they relate to character, integrity, and values, greatly inform our decision to hire an applicant or not. The Integrant model stresses teamwork and accountability. When hiring, we place a high premium on applicants whose characteristics and values map to integrity within the workplace, e.g., honesty, teamwork, low ego, high commitment, and a sense of loyalty toward the company and the clients.
This is how we retain employees and clients for as long as we do, and how we maintain a safe, secure environment for employees and clients alike. Our average employee retention is 5 years. Our longest client engagement is 10+ years. We hire employees we, and you, can count on.
Working with distributed teams with security in mind
The way your internal team works with your outsourced team makes a big difference as well. If you’re in a situation where you’re throwing a project over the wall and hoping for the right thing to be delivered back the same way, your team probably does not have a high degree of day-to-day visibility into the external team. On the other hand, the more integrated your team is with your external team, the more visibility you have into your external team’s character, practices, conscientiousness, and more. Security is just as much about building trust and loyalty among and between your internal and external teams as it is about anything else.
Certifications and Audits
We maintain certifications and perform internal and external audits that ensure our ongoing vigilance. These include:
SOC 2 Compliance
The rise of cloud computing has played a key role in the number of businesses that outsource functions to service organizations. Associated liability concerns elevated the marketplace demand for assurance regarding the confidentiality and privacy of information processed by a service organization’s system. Service Organization Controls (SOC) was created as a result.
The SOC 2 report looks at a service organization’s controls relevant to the security, availability, or processing integrity of a service organization’s system or the privacy or confidentiality of the information the system processes. The report uses the Trust Services Principles and Criteria (TSPs), including organization and management, communications, risk management and design and implementation of controls, monitoring of controls, logical and physical access controls, system operations, and change management.
At Integrant we recognize this imperative and maintain SOC 2 compliance as a result.
ISO is the largest developer of voluntary international standards in the world. The goal of these standards is to provide premier specifications for products and services. Because these standards are developed through worldwide consensus, they have the significant value-add of facilitating international trade. ISO 27001/2 is a specification for an Information Security Management System (ISMS). The nature of our services does not require that we be ISO 27001/2 certified, but we map our policies and procedures to ISO 27001/2 to further enhance the security we provide for our clients.
We secure the services of an independent, certified Security Officer with over 20 years of experience in managing complex computing environments who performs an annual SSAE 16 audit to ensure that we comply with our security policies and controls.
Egypt and Jordan IP Law
Both Egypt and Jordan have IP security laws in place that meet World Intellectual Property Organization (WIPO) requirements. In Egypt, Law No. 82, passed in 2002, addresses the Protection of Intellectual Property Rights. Law 82/2002 reflects the major provisions of the Trade-Related Aspects of Intellectual Property Rights (TRIPS) Agreement and was supported by the U.S. government and the U.S. private sector.
In Jordanian law there are 62 texts surrounding IP law. Jordan’s accession to the Trade-Related Aspects of Intellectual Property Rights (TRIPS) Agreement and the country’s level of IP protection have brought many new opportunities to the country.
Many large technology companies have offices in Egypt and Jordan, providing further validation of the support provided by country law related to IP. Members of the U.S.-Egypt Business Council include Microsoft, Oracle, GE, Google, GM, FedEx, Visa, Xerox, Merck, and MetLife. U.S.-based companies in Jordan include Google, Microsoft, Yahoo, Cisco, American Express, General Electric, and others.
Integrant has in place an internal Compliance Department headed by our VP of International Business. This department monitors labor laws, tax laws, security and IP laws specific to Egypt and Jordan.
U.S. Headquarters Offer Additional Security
If you’re working with Integrant, you have the additional security that we are accountable to U.S. laws and standards. If you’re working with a vendor whose headquarters are overseas and the security and IP laws in that country are either not strict or not enforced or both, your ability to prosecute may be limited. If a U.S. company signs a software dev agreement with a foreign vendor, or with a company that has offices in the U.S. but headquarters overseas, it may not have any recourse if there is a problem and the vendor fails. This is compounded if the outsourcer has multiple headquarters or is servicing multiple clients in multiple countries, as it can shift responsibility around.
Integrant was founded in San Diego, CA in 1992 and opened its first development center in Amman, Jordan in 1997. Eleven years later we opened a second development center in Cairo, Egypt.
Facilities and Internal IT
Our facility security includes controlled access to buildings, building locks, alarm systems, cameras, the use of biometrics/fingerprints to enter secure areas including IT and Human Resources offices, colos only accessible by authorized personnel, and security guards 24/7 at our Egypt and Jordan development centers.
In addition to complying with client-specific security measures, Integrant maintains detailed security policies of its own. These include Data Security and Classification Policies that define and enforce requirements for the protection of data. Data on Integrant networks or client production systems managed by Integrant is classified by contents, owner, access, controls, and encryption. Our comprehensive IT Security Program Plan includes:
- Security management structure and security responsibilities
- Security Policy, procedures, guides, and standards
- Security training and awareness
- Incident handling and security advisory handling
- Compliance reviews and enforcement
Please let us know if you would like more detailed information on our IT Security Policies.
Client-Integrant connectivity is a key part of ensuring a secure environment for our clients. Our connectivity options provide a safe and client-specific co-development environment.