Creating data security for event registration and payments
Pillars of our security framework
- Risk & compliance
- Application & product security
- Cloud & data protection
We regularly engage third-party assessors to examine our security policies, procedures, technologies, and controls to validate that our Program is designed and operating effectively. Cvent complies or aligns with several international industry security standards and data privacy regulations, including:
- SOC 1 Type II
- SOC 2 Type II
- ISO 27001:2013
- ISO 27701:2019
- Payment Card Industry Data Security Standard (PCI DSS)
- Cloud Security Alliance (CSA)
- E.U. General Data Protection Regulation (GDPR)
- E.U.-U.S. Privacy Shield Framework
Our multi-layered software security strategy is consistent with that of many of the world’s most successful cloud providers. Key activities of our software security program include:
- Secure Code Training: Our software engineers are trained on how to identify the latest threats and use secure coding techniques to build resilient solutions.
- Secure Design Reviews & Threat Modeling: Our software designs undergo rigorous security reviews to identify and assess the impact of potential threats, and we establish countermeasures to address them.
- Automated Security Testing: Our software undergoes several types of security testing at various stages of software development before it’s released to customers.
- Penetration Testing: We perform Red Team exercises to simulate attacks against our solutions and identify potential points of weakness or vulnerability.
- Vulnerability Disclosure Program: We maintain a program to incentivize responsible reporting of bugs in Cvent platforms and applications by the security research community.
Cvent uses a variety of techniques to safeguard our technology and customer data, including:
- Strong Perimeter & System Defense: We employ and engineer advanced systems and processes to detect and prevent damage from security threats to systems and data.
- Identity & Access Management: We maintain strict control over who can access our computing resources. We restrict access based on role and enforce strong passwords and two-factor authentication.
- Military-Grade Data Protection: All customer data is protected while in transit and at rest by methods compliant with FIPS 140-2, the U.S. government standard for data encryption.
- Vulnerability Assessment & Security Patch Management: Our Security Team runs weekly, automated security scans across our computing infrastructure to identify potential vulnerabilities or security gaps.
- Resilient Systems & Disaster Recovery Sites: We maintain highly available, fault-tolerant systems, along with tools and processes to recover systems and data to geographically distinct disaster recovery centers.
We have implemented a comprehensive Business Continuity and IT Disaster Recovery Management Program designed to identify and assess threats and hazards, understand their impacts on Cvent’s operations, and develop a framework for planning and responding to unavoidable disruptions. Our framework focuses on three core elements:
- People: We have developed a unified command and control mechanism for event identification, evaluation, escalation, declaration, response and deactivation.
- Processes: We have developed recovery strategies and plans for critical business functions required to sustain an acceptable level of operation during a significant business disruption.
- Technology: We have identified resiliency strategies for required, essential information technology infrastructure, hardware and software.