Security
The 5 Dimensions of Upland Software Security
Providing cloud solutions you can trust
Upland Software understands that the confidentiality, integrity, and availability of our customers’ critical data is vital to their business operations. We appreciate – and don’t take for granted – the trust our customers have placed in us to keep their information safe. Our approach to data security is fundamental and the basis for providing an enterprise-grade cloud experience; it is a key differentiator in our products and corporate culture. We embrace these 5 dimensions of security to give you the peace of mind to “work smarter.”
People
Security starts with people
When it comes to implementing security best practices within an organization, the first line of defense starts with people. That’s why Upland Software has implemented a comprehensive training and education program for employees, contractors, and third-party service providers in addition to requiring background checks for all employees before being hired. We also nurture a culture of security awareness that extends to our service providers and partners, who must meet or exceed our regulatory compliance standards.
Upland Software deploys a segregation of duties to ensure that your critical information isn’t being handled exclusively by any one individual or team. This approach helps reduce human error and manage risk.
Environment
Security protects against physical intrusion
Upland Software partners with cloud infrastructure providers, such as Amazon Web Services (AWS), Microsoft Azure, and others, whose state-of-the-art data centers are housed in nondescript facilities and employ staff to monitor and control both the perimeter and the building entry points with video surveillance, intrusion detection systems, and other electronic means. Physical access to the data centers is logged and audited routinely.
Upland’s data centers use commercially reasonable efforts to provide a global average up-time of at least 99.99%*, giving customers reliable access with superior speed, high resiliency, and scalability anytime they need it.
*See Amazon’s Compute Service Level Agreement for more information.
Application Development
Security extends from application development to implementation
Security procedures are built into every stage of the Upland Software product development lifecycle. We employ a software development lifecycle that helps ensure that security is paramount and the appropriate best practices are followed. We practice security enforcement through automated source code scans of new or modified code and manually run standardized quality assurance testing. Our application servers themselves are segmented and only accept legitimate programming requests. We take it one step further and subject every Upland Software release to a third-party assessment prior to deployment.
Infrastructure
Security provides the systems that enable SaaS
At Upland Software, we are firm believers in the defense-in-depth strategy. Our cloud-based infrastructure is protected by several layers of network-based security controls including host-based firewalls, intrusion detection systems, load balancers, and virtual firewall.
With our Enterprise Grade Cloud Operations, our driving purpose is to ensure we deliver to and exceed your expectations. We take standards and procedures very seriously as a cloud-based, Software-as-a-Service (SaaS) provider. Providing connectivity, reliability, speed, security and scalability across the enterprise, Upland enables amazing outcomes for our customers. Upland’s data centers provide exceptional, cloud-delivered security, with excellent infrastructure security and integrity, strict standards, true multi-tenant service, high resiliency, and scalability.
Operational Security and Compliance
Security is a coordinated approach to accreditation and assessment
Upland Software’s enterprise-grade platform was designed to meet many of the compliance requirements of the most security-conscious customers. As the security landscape continues to evolve, you can expect us to stay ahead of the threats. Our internal Security and Compliance team helps ensure all of our physical, technical and administrative controls are in place and operating as intended. Our 24x7x365 continuous live monitoring and reporting, proactive risk assessment, and coordinated response to threats protects our services and systems to provide the reliability and connectivity our customers demand.
| PCI DSS (Payment Card Industry Data Security Standard) | NIST 800-53 Moderate Control (National Institute of Standards and Technology) | U.K. Data Protection Act 1998, and all other E.U. National Legislation |
| HIPAA (Health Insurance Portability and Accountability Act) | FISMA (Federal Information Security Management Act) | E.U. GDPR (General Data Protection Regulation) |
| Family Education Rights and Privacy Act | DIACAP (DoD Information Assurance Certification and Accreditation Process) | E.U.-U.S. Safe Harbor Registration |
| GLBA (Gramm-Leach-Bliley Act) | SOX (Sarbanes-Oxley) | SSAE 16 (Statement on Standards for Attestation Engagements) |
Note: Some compliance offerings are unique to Upland, and not all regulatory frameworks listed above apply to all available Upland products.
