Data security benefits for you
Security framework pillars
- Risk & compliance
- Application & product security
- Cloud & data protection
- Data privacy
- Event continuity
We regularly engage third-party assessors to examine our security policies, procedures, technologies, and controls to validate that our Program is designed and operating effectively. Cvent is compliant with or aligns with several international industry security standards and data privacy regulations, including:
- SOC 1 Type II
- SOC 2 Type II
- ISO 27001:2013
- ISO 27701:2019
- Payment Card Industry Data Security Standard (PCI DSS)
- Cloud Security Alliance (CSA)
- E.U. General Data Protection Regulation (GDPR)
- E.U.-U.S. Privacy Shield Framework
Our multi-layered software security strategy is consistent with that of many of the world’s most successful cloud providers. Key activities of our software security program include:
- Secure Code Training: Our software engineers are trained on how to identify the latest threats and use secure coding techniques to build resilient solutions.
- Secure Design Reviews & Threat Modeling: Our software designs undergo rigorous security reviews to identify and assess the impact of potential threats, and we establish countermeasures to address them.
- Automated Security Testing: Our software undergoes several types of security testing at various stages of software development before it’s released to customers.
- Penetration Testing: We perform Red Team exercises to simulate attacks against our solutions and identify potential points of weakness or vulnerability.
- Vulnerability Disclosure Program: We maintain a program to incentivize responsible reporting of bugs in Cvent platforms and applications by the security research community.
Cvent uses a variety of techniques to safeguard our technology and customer data including:
- Strong Perimeter & System Defense: We employ and engineer advanced systems and processes to detect and prevent damage from security threats to systems and data.
- Identity & Access Management: We maintain strict control over who can access our computing resources. We restrict access based on role and enforce strong passwords and two-factor authentication.
- Military-Grade Data Protection: All customer data is protected while in transit and at rest by methods compliant with FIPS 140-2, the U.S. government standard for data encryption.
- Vulnerability Assessment & Security Patch Management: Our Security Team runs weekly, automated security scans across our computing infrastructure to identify potential vulnerabilities or security gaps.
- Resilient Systems & Disaster Recovery Sites: We maintain highly available, fault-tolerant systems, along with tools and processes to recover systems and data to geographically distinct disaster recovery centers.
We have instituted a set of policies, procedures, and protocols to ensure your data remains safe and confidential. Our commitment to protecting your privacy begins with our Global Privacy Policy, which describes how we manage the flow of data throughout the data management lifecycle from collection to destruction. The Policy details your data protection rights and our privacy practices in relation to the use of Cvent’s websites and external marketing activities. Our team of technical, security and legal experts also ensures we comply with the General Data Protection Regulation (GDPR).
We have implemented a comprehensive Business Continuity and IT Disaster Recovery Management Program designed to identify and assess threats and hazards, understand their impacts to Cvent’s operations, and develop a framework for planning and responding to unavoidable disruptions. Our framework focuses on three core elements:
- People: We have developed a unified command and control mechanism for event identification, evaluation, escalation, declaration, response and deactivation.
- Processes: We have developed recovery strategies and plans for critical business functions required to sustain an acceptable level of operation during a significant business disruption.
- Technology: We have identified resiliency strategies for required, essential information technology infrastructure, hardware and software.
Our culture of security
We build and maintain a culture of security by ensuring all our employees receive awareness and role-based training. Our security education activities include:
- In-person security awareness training during onboarding
- Annual computer-based security awareness training
- Quarterly email phishing assessments
- Annual crisis management and emergency response exercises
- Annual IT disaster recovery and continuity plan testing, training, and exercises