Security and Data Protection Approach

SAI360’s Information Security and Data Protection program is built on a foundation of standards and leading practices and takes a risk-based, layered and data-centric approach to protecting information assets. The standards and frameworks drawn on include, but are not limited to, the ISO 27000 series, the NIST Cybersecurity Framework, the SOC 2 Trust Services Criteria, HIPAA, HITRUST and GDPR.

SAI360’s security and data protection approaches are described below, including core principles, processes and controls implemented to protect our environment, services, information assets, and customer data.

Security Core Principles

The core principles and Information Security Management System (ISMS) objectives below establish the foundation of the Information Security and Data Protection program. They make security and data protection everyone’s responsibility and embed it into every process and service and into SAI360 as a whole:

SAI360 will:

  • Release secure applications and services into secure environments for our customers
  • Identify, respond to, and manage incidents, learning from them and preventing similar incidents
  • Equip users with leading practices, enabling them to identify and report security events while operating within a secure environment bounded by acceptable-use guardrails

ISMS Objectives

  • Effectively manage and mature governance, risk management and compliance foundations rooted in security frameworks, standards, regulatory requirements and leading practices.
  • Continuously assess SAI360’s assets for risks by identifying threats and vulnerabilities, remediating or mitigating risks within a defined timeframe to an acceptable level.
  • Implement privacy and security by design approaches throughout the ISMS lifecycle.
  • Strengthen the security and privacy knowledge of SAI360’s personnel through training, education and awareness campaigns, reinforcing that security is everyone’s responsibility.

Establishing, Maintaining and Verifying Trust

SAI360’s approach to its Information Security and Data Protection program makes maintaining a secure environment everyone’s responsibility. Fundamental to any Information Security and Data Protection program is establishing and maintaining confidentiality, integrity and availability, commonly referred to as the CIA triad, along with accountability and privacy. The following section outlines each of these principles and how SAI360 maintains and continuously improves each of them, verified through independent audits and attestations.

Confidentiality – All data owned, used, created, or maintained by SAI360 is classified into the following categories:

  • Highly Sensitive – Highest level of classification; strategic and other highly sensitive business information.
  • Restricted – All customer data within SAI360’s environment (applications, systems, backups); personal data relating to SAI360 personnel or clients; and information associated with critical business operations, financial position, legal obligations, etc.
  • Confidential – Default classification level assigned to information assets, whether labelled or not. Includes, but is not limited to, information assets requiring subscription or contractual rights, information assets available and used across SAI360 business and operations, and customer communications such as RFx responses and assessments, which are restricted to the requesting customer.
  • Public – General information published on the SAI360 public website or other public resources.

Every classification carries information-handling controls that apply throughout the asset lifecycle, including limitations on use, dissemination and storage, and destruction at end of life.

SAI360 ensures that information assets are accessed only by authorized personnel and has implemented security controls to prevent and detect unauthorized access, including but not limited to user credential validation, Access Control Lists (ACLs), and encryption of data in transit and at rest.

Integrity – SAI360 protects its information assets following leading information security practices and principles as well as in accordance with applicable federal and state statutes and regulations.

SAI360 specifically prohibits unauthorized access to, tampering with, deliberately introducing inaccuracies to, or causing loss of SAI360 information assets. It also prohibits using information assets to violate any law, commit an intentional breach of confidentiality or privacy, compromise the performance of systems, damage software, physical devices, or networks, or otherwise sabotage SAI360 information assets.

Availability – SAI360 services are designed with reliability and resiliency as a primary service-continuity objective, and SAI360 protects its information assets from threats and exploits, whether internal or external and whether deliberate, accidental or environmental. SAI360 recognizes that no single control or solution guarantees absolute security or service availability. It has therefore implemented infrastructure and application redundancy, data backup and recovery strategies, and service-continuity (disaster recovery) testing, with the aim of exceeding its service level commitments and keeping services available to customers.

Accountability – SAI360’s Information Security Management Committee (ISMC) comprises the executive management and senior leadership team. It sets the overall objectives and direction of the Information Security and Data Protection program and monitors its performance. This establishes accountability and oversight at the highest level of SAI360, including responsibility for identifying and managing risks to an acceptable level, and in turn makes security everyone’s responsibility in minimizing risk and securing information assets.

Privacy – SAI360 is committed to the protection of Personally Identifiable Information (PII) within the scope of applicable laws, including but not limited to GDPR (EU/UK) and CCPA (as amended by CPRA). The Global Privacy Policy sets out how we treat the personal information that we collect, use and disclose, and the Data Processing Agreements (DPAs) added as addenda to customer agreements further solidify this commitment.

Our Team

SAI360 has assembled a world-class team of professionals within an organizational structure that has clear lines of accountability, oversight and ownership, without sacrificing agility and responsiveness to customers.

SAI360 recognizes the unique challenges facing service providers and the specialized skill sets required to effectively manage and grow cloud-based SaaS infrastructure. In direct response, SAI360 has invested heavily in a dedicated hosting services team whose sole mandate is to ensure the best possible experience for our hosted customers.