Employment


All employees and staff, including contractors, undergo and must pass multi-state background checks in order to be accepted for employment. All employees/staff/contractors also sign agreements and confidentiality terms.

Education/Training


All employees and staff undergo regular security training and education to be security conscious. Security training is also part of our onboarding process for employees.

Data Access


EngageWhiz follows the principle of least privilege. Only authorized staff have access to our internal systems, with fewer having access to production systems. No staff can access production databases without proper authorization, reason, and logging of the access.

For U.S. institutions, only staff that are legal citizens of the United States are considered for access/handling of that data.

Auditing/Logging


Our systems log all access and actions performed, including deployments of code, database access, authentication, and more. We also log and maintain records of employee and company hardware/devices.

Policies


EngageWhiz practices, maintains, and updates multiple policies and procedures to mitigate and handle a variety of situations, and maintain a secure system and organization. Some of these policies are:

  • Application Data Migration Policy
  • Application Development Cycle
  • Asset Management and Repurposing
  • Business Continuity Plan
  • Business Impact Analysis
  • CAIQ
  • Capacity Planning
  • Change Management Plan
  • Code of Ethics
  • Crisis Management Roles
  • Customer Data Migration Policy
  • Data Impact and Criticality Categorization
  • Data Ownership
  • Data Processing Agreement
  • Data Transport Routes
  • Development and Acquisition Authorization Policy
  • Disaster Recovery Plan
  • Emergency Change Management Plan
  • Firewall Change Request Policy
  • Formal Incident Response Plan
  • GDPR Code of Conduct
  • GDPR Data Map
  • Hardware Architecture Diagram
  • HECVAT
  • HIPAA Risk Analysis
  • Information Security Policy
  • Internal Audit Process
  • Media Handling Process
  • Mobile Device Policy
  • Password Policy
  • Performance Metrics
  • Physical Security Controls
  • Privacy Officers
  • Privileged Account Review Process
  • Quality Assurance Policy
  • Security Risk Mitigation Policy
  • Subprocessors
  • Systems Access Removal Metrics
  • User Roles and Permissions Outline
  • Merger and Acquisition Policy

Support


EngageWhiz provides support via phone, email, live chat, or in-person. We offer this support at no additional cost to our contracts, meaning there are no support contract fees.

Business Recovery Third-Party


EngageWhiz strives to reduce risk, and is aware that certain events could occur which could shutdown business operations or incapacitate key members of the organization. As a safeguard, in addition to our other policies and procedures, a copy of the full source code and documentation for the EngageWhiz platform is maintained by a third-party.

Customer institutions can receive the contact info of this third-party, and should such an event occur where development and maintenance of the platform will no longer occur, can receive this copy.