Security FAQs and support

• Can i install Data Integration on your own premises?

  No, Data Integration is a cloud-based, entirely SaaS product.

• Why is SaaS better than on-premises?

  As a SaaS provider, we are responsible for all maintenance and operations. On-premise demands time, personnel, and equipment to maintain things current. With high-end vendors, our SaaS systems are highly secure, with expert network and server security supervision. It is cost-effective, and we assist with business continuity during times of crisis. With SaaS, businesses can easily scale up solutions with minimum time and effort as they grow.

• Do you comply with recognized data security standards?

  Data Integration holds SOC2 Type II certification and complies with GDPR and HIPAA.

• What type of data will Data Integration store to provide the service?

  The customer has complete control over the data that travels via Data Integration service. Unless the consumer requests it, Data Integration does not keep the customer's data longer than is necessary to handle it; Data Integration erases it after 48 hours at the most.

• What are the connection methods supported by the solution?

  Data Integration supports a variety of connection techniques, including secure SSH tunnels and Private Link.

• What techniques does Data Integration allow for platform authentication?

  Data Integration offers a variety of authentication methods, including SSO, Google OAuth 2.0, and user/password, depending on the customer's preferences.

• Does Data Integration support adding strong authentication when using SSO or Google OAuth2 as the preferred authentication methods?

  Yes, Data Integration supports multi-factor authentication.

• Can we integrate Azure Active Directory and use our own credentials?

  Yes.

• Is there built-in user role-based access in the SaaS solution?

  Yes, the Administrator can manage the capabilities.

• What measures do you employ to protect our backup data?

  We only back up metadata identifiers for GDPR compliance and user analytics, not customer data.

• Does Data Integration have a Disaster Recovery Plan (DRP)?

  Data Integration has created a disaster recovery plan based on AWS systems that are SOC 2 Type II and ISO 27001:2013 certified. The DRP design minimizes service interruptions due to hardware failure, natural disasters, or primary data center outages. Data Integration conducts a DR test every year.

• Do you encrypt data at rest?

  We encrypt all data at rest based on AWS configurations. AWS hosts customer data at rest in separate storage services and encrypts it. Amazon S3 handles encryption using AES256 bit encryption.

• Do you encrypt data in transit?

  We encrypt all traffic for our customers and the platform using a secure TLS connection.

• Is Data Integration solution tested for penetration?

  Independent third-party security vendors conduct annual penetration testing on our system. These vendors use a gray-box approach and, at a minimum, cover the OWASP Top10.

• Do you retrieve and document consent from the data subject when collecting, using, or disclosing privacy-related data?

  Yes, Data Integration privacy policy may give you more details.

• Is Data Integration making a reasonable attempt to keep the collection, usage, and storage of privacy-related data to the bare minimum required to achieve the data's intended purposes?

  Yes. Data Integration does not save or sniff any data that passes through our customers' pipes (Data Flows). Furthermore, Data Integration keeps the client's data only for the duration of the pipeline's processing and subsequently erases it after a maximum of 48 hours. It is also worth pointing out that this is configuration-dependent. If a customer chooses to create their own landing zone, Data Integration will not save any information.

• Do you process or will you process any Personal Data on our behalf as part of your service?

  Data Integration only handles personal information that customers share with us.

• What type(s) of data are you processing that may be saved in storage?

  The engagement requires Client Contacts, Financial Data, and Configuration and Performance.

• What are your main areas that conduct data processing?

  We process data at AWS data centers. The US and Europe are the physical locations.

• Is there a system in place at Data Integration for deleting all or a subset of Personal Data given in response to a specific request and/or contract termination?

  Following GDPR, we will comply with customer requests to remove all personal data.

• Do you have a mechanism to detect, assess, monitor, and respond to security risks posed by third-party service providers?

  Data Integration third-party providers sign confidentiality agreements with Data Integration to ensure that they maintain system confidentiality, which is in line with Data Integration policy. Before onboarding new suppliers, the Company has a third-party assurance process in place, including completing and approving vendor due diligence studies.

• Do you keep track of all security issues and have a documented incident response plan?

  Yes, we can share it only under the terms of a non-disclosure agreement.

Disclaimer

When using Boomi AI products ("Boomi AI"), Customer may provide information, data, or input to be processed by Boomi AI (the "Input"). Customer warrants that any Input will not infringe the rights of a third party, or violate applicable law, or the Agreement. The Parties acknowledge and understand that the Input will have an effect on the data or suggestions returned to Customer by Boomi AI (the "Responses"). Boomi does not warrant or guarantee that a Response will conform to Customer's expectations or requirements. Boomi may use the Input and Responses for the purpose of improving or developing current and/or future Boomi Services. Customer agrees that Boomi does not make any representations or warranties around agents made available by providers other than Boomi, or created by a third party with the Boomi Agent Designer ("Third Party Providers").