Eightfold® is committed to high standards of compliance, security, and accessibility for our systems. Eightfold’s actions in these areas of governance are designed to minimize risk to our customers by maintaining the confidentiality, integrity, and availability of the data entrusted to us.
These actions also support our mission of employment opportunity by creating a positive experience for everyone who uses Eightfold technologies.

Compliance

SOC 2
Eightfold is SOC 2 Type I and SOC 2 Type II certified by independent third-party auditors.

ISO27001
Eightfold is ISO27001 certified by independent third-party auditors.

GDPR
Eightfold is compliant with the European Union General Data Protection Regulation (GDPR) as applied to Eightfold, and supports customers’ own compliance programs through product features, integration, and configuration options, as required by our customers.

CCPA
Eightfold is compliant with the California Consumer Privacy Act (CCPA) as applied to Eightfold, and supports customers’ own compliance programs through product features, integration, and configuration options, as required by our customers.

OFCCP
Eightfold supports recordkeeping standards established by the Office of Federal Contract Compliance Programs (OFCCP) as required by our customers who are subject to OFCCP.

FedRAMP Ready
Eightfold has achieved the FedRAMP Ready certification as a moderate SaaS offering for our Amazon Web Services (AWS) GovCloud region as required by our public sector customers.

Security

Data Access Control
Access to all corporate and customer data is granted based on principles of least privilege and need-to-know, governed by role and individual user profiles.

Access Authentication
Eightfold supports SAML 2.0 and SSO integration. Application access is controlled by customer-defined groups based on configurable permissions. Eightfold utilizes MFA, IAM and IdP to prevent unauthorized access to the systems and application.

Data Protection
Eightfold encrypts data at rest and in transit using AES 256-bit and TLS 1.2.

Physical Security
Eightfold uses AWS as our hosting provider.

Third-Party Testing
Eightfold conducts periodic third-party security assessments, including penetration testing, to verify security controls. In addition, Eightfold offers a “bug bounty” program to collect reports of potential security vulnerabilities from outside parties.

Backup
Eightfold uses database replication and periodic snapshots to avoid data loss.

Accessibility

ADA & WCAG 2.1 AA
Eightfold follows the Web Content Accessibility Guidelines (WCAG) 2.1 AA standard as promulgated by the World Wide Web Consortium for design of all public-facing products. These designs allow users to operate Eightfold websites using assistive devices like a screen reader.