
This page explains our security posture, which aims to assist customers in meeting their own compliance requirements.

Content here is replicated from other places to provide a convenient summary page.

Compliance

SOC2

The Plugin People has, as of 23 APR 2024, attained SOC2 Type 1 compliance. A SOC2 Type 2 audit is underway.

Tuesday, April 23, 2024 – The Plugin People Ltd announced today that it has achieved SOC 2 Type I compliance in accordance with American Institute of Certified Public Accountants (AICPA) standards for SOC for Service Organizations, also known as SSAE 18. Achieving this standard with an unqualified opinion serves as third-party industry validation that The Plugin People Ltd provides enterprise-level security for customers' data secured in The Plugin People Ltd System.

The Plugin People Ltd provides a cloud-based community management and virtual event platform to customers throughout the United States.

The Plugin People Ltd was audited by Prescient Assurance, a leader in security and compliance attestation for B2B, SAAS companies worldwide. Prescient Assurance is a registered public accounting firm in the US and Canada and provides risk management and assurance services, which include but are not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, and CSA STAR. For more information about Prescient Assurance, you may reach out to them at info@prescientassurance.com.

An unqualified opinion on a SOC 2 Type I audit report demonstrates to The Plugin People Ltd’s current and future customers that they manage their data with the highest standard of security and compliance.

In scope are the core business processes, as well as our cloud infrastructure that is specific to our business and the development/deployment/support of Enterprise Mail Handler for Jira Cloud.

You can view our Trust Center online: https://trust.thepluginpeople.com/

GDPR

The Plugin People have outsourced the Data Protection Officer role; audits are expected soon.

...

File stores used for storing inbound/outbound customer email data are encrypted at rest.

Field-level encryption (prior to storage) is used to encrypt sensitive data. Our roadmap includes work to implement best-practice multi-tenant row-level security (JEMHC-2341).

Databases used in production are encrypted at rest.

When mail is flagged for support, that mail content remains in its source region and is only retrieved at the point of need by The Plugin People.

...

Key management is delegated to AWS wherever possible, making rotation automated. Best-practice role-based security is applied to all application nodes. Legacy password usage is already limited; future work is planned to JEMHC-3891.

Product Security

Penetration Testing

...