Cloud Security Statement

Project Insight Cloud is the Software as a Service (SaaS) platform designed to host all cloud applications developed and/or managed by Project Insight. All Project Insight cloud applications are deployed in the Microsoft Azure Cloud. All Project Insight server instances deployed in the Microsoft Azure Cloud, are provisioned, monitored and managed by the Project Insight DevOps team.

All Project Insight Cloud application data is stored in Microsoft SQL Azure Premium databases, which are separate from front end application and web application servers. Application files are stored on file servers separate from front end application and web application servers. Microsoft SQL Azure Premium databases are automatically replicated between data centers for high availability and fault tolerance. Microsoft SQL Azure data is encrypted at rest and continuously backed up for point in time restore to alternative instances as needed. Azure file storage containers are configured with built-in multiple location redundancy.

The Project Insight Cloud platform systems level access is limited to authorized personnel within the Project Insight DevOps team for the specific purpose of maintaining and supporting the systems infrastructure. Project Insight Cloud platform systems access is limited to the DevOps team from within specific Project Insight internal networks, using two form authentication protocols.

The Project Insight Cloud Support team has limited access to customer application support tools (no direct system or data access) for the specific purpose of replying to customer support tickets.

All DevOps and Support personnel with access to Project Insight Cloud platform systems or customer application support tools are subject to annual screening, including background checks.

The Project Insight Cloud platform is monitored continuously 24x7. Information about system uptime is publicly available on the Project Insight DevOps system status page.

Project Insight Cloud platform front end application and web servers are backed by load balanced Windows Servers running the latest Microsoft .NET and Azure stack(s). All inbound and outbound customer network traffic is limited to 2048 bit SSL/HTTPS protocols. Front end web application and application servers have no customer data, the front end servers are kept separate from data and storage servers.

The Project Insight Cloud platform network and applications is are tested for vulnerabilities every week. The results of scans are forwarded to the Project Insight DevOps team for review and incorporation into future releases and patches.

Project Insight SaaS online is hosted entirely in Microsoft Azure. Microsoft Azure data centers are globally distributed, and provide zone resiliency which prevents PI from downtime in the event of a single data center failure.

Microsoft Azure meets most Global, US Government, Industry and regional certification standards, including these common certifications:

• SOC 1, 2, & 3
• CIS Benchmark
• FedRamp
• Section 508 VPATS
• ISO 20000-1:2011, 22301, 27001, 27017, 27018, 27701, 9001
• HIPAA/HITECH
• PCI DSS

Full list of Microsoft Azure Compliance reports.

Please contact your PI account manager for a copy of the Project Insight SOC 2 Audit report.

Your data is housed in a SQL Azure premium database, which is a modern, highly available, fault tolerant, continuously backed up database application.

What does this mean? When you use Project Insight, your data is automatically replicated to multiple data center facilities and backed up in real time, keeping your project information safe and available 24/7/365.

NOTE: This Security Statement applies to the Project Insight Cloud platform applications. For more information about Project Insight Cloud platform, please contact us.

Effective as of June 2, 2015.