Security

Symend's security pledge

We are committed to delivering the highest level of security, reliability, privacy and compliance. We are dedicated to ensuring our products, infrastructure and operations are always secure.

Security practices

At Symend, we have a holistic approach to security. We adhere to industry standard frameworks like NIST and ISO27001 and apply standard IAM concepts like RBAC and least privilege. Our goal is a dynamic program that is risk-free and intel-driven.

Security operations

Our security team was built based on industry best practices and aligned to a standardized controls framework. If an incident occurs, we resolve the issue quickly using our security incident response practices and keep you informed with regular status updates.

Secure software development

We perform comprehensive security testing, including threat-modeling, automated scanning and third-party audits. In addition, we train all our developers in best-in-class security measures like OWASP and security coding hygiene, and perform regular internal code testing and reviews.

Resilience

We maintain high levels of availability and quality in our product through sound engineering and validation. We carry out quarterly business impact and risk auditing, with annual disaster recovery and business contingency plan testing exercises.

Security engineering

Symend’s security controls are continuously monitored and optimized. We prevent threats and vulnerabilities through our security programs.

Data Security

World-class encryption while in transit and at rest, with frequent encrypted backups, ensures data security. Safety is ensured by strictly separating dataflows into our multi-tenant environments. Our outreaches and messaging feature end-to-end encryption.

Application security

We embed security testing throughout our development pipelines. We employ a Software Development Life Cycle (SDLC) that includes static, dynamic and software composition analysis checks. We also hold quarterly penetration tests and prioritize vulnerability remediation.

Cloud security

Our cloud infrastructure is managed by trusted cloud service providers and leverages best-of-breed with Microsoft Azure and Amazon Web Services (AWS). In addition, we utilize state-of-the-art monitoring and alerting tools and leverage continuous cloud security auditing tools.

Our identity and authentication partners

We are cloud-native and use the best identity and authentication partners to ensure effective access control. Auth0 provides identity provisioning, while access management is maintained with Microsoft Azure.

More about our security

Encryption

TLS/SSL and AES-256 secure data, while end-to-end encryption is present for all consumer outreach and messages.

RBCA

Our teams and systems can only access the data they need to do their job, and we store your data with cloud providers with top-tier physical and cloud security.

Monitoring

Symend leverages a full security stack to include advanced SIEM. We are ready to respond.

Multi-factor authentication

We deploy MFA across our company, while an identity provider and 2FA ensure identity security for all our clients.

Vendor risk assessment

We regularly review third party vendors and verify compliance with appropriate policies and controls.

Access management

User access is restricted by need, with regular reviews to ensure all team members have the correct permissions. All systems are centrally managed by endpoint-management software.

Security awareness training

Annual security and privacy awareness training ensures our employees are up-to-date on security best practices.

Security culture

We confront risk and cyber threats by investing in people. Clear policies and procedures empower our staff to make security and compliance easy choices.

SBOM

An up-to-date Software Bill of Materials (SBOM) is always at the ready, allowing Symend to mitigate software supply chain risks.

API security

Symend leverages progressive API security.

Compliance and attestations

Data Protection and Privacy are the present and future of security. Our clients include major financial institutions and communications service providers; these organizations demand that data protection and privacy are done right. We are dedicated to meeting compliance and regulatory requirements and delivering security you can trust. Symend does not sell consumer data, and never will.

  • Symend is SOC 2 Type II compliant.
  • Symend aligns to the standards outlined by ISO.
  • Symend aligns to the standards outlined by the GDPR.
  • Symend is CCPA compliant.

Need more info?

To request additional information or documentation on our compliance and attestations, contact our sales team.

Email our team
Symend

Headquarters
Suite 1700, 411 1 Street SE
Calgary, AB T2G 4Y5
CANADA

Symend on LinkedIn
Symend on X
Symend on Instagram
Why Symend?

Because keeping customers is as important as recovering debt.

Solutions
Auto Financing
Auto Financing
Credit Unions
Credit Unions
Financial Services
Financial Services
Telecommunications
Telecommunications
Utility Providers
Utility Providers
Resources
Blog
Blog
Case Studies
Case Studies
Support
Support
Company
Contact Us
Contact Us
Careers
Careers
  • © Symend
  • The Science of Engagement current year