Robust Product Security Program
Anthology places a strong emphasis on security, aligning their product security program with NIST standards and holding ISO 27001 certification for information security management systems. In addition, they maintain a data privacy information management system certified to ISO 27701. As a cloud service provider managing clients' data security, Anthology incorporates ISO 27017 and ISO 27018 controls into their compliance framework.
Global Security Framework
Anthology implements a global approach to security operations through a secure controls framework that meets high standards aligning with global and regional security protocols. Their products undergo annual SOC 2 Type 2 examinations and hold various regional certifications to ensure compliance. Anthology actively participates in the Higher Education Community Vendor Assessment Toolkit (HECVAT) to enhance transparency and trust in their data privacy practices.
Development with Security in Mind
Security is paramount in Anthology's product development, which follows security engineering guidelines from organizations like OWASP. They incorporate security practices at every stage of the software development lifecycle, adhering to industry best practices. Anthology's products are built with countermeasures for OWASP Top Ten vulnerabilities to ensure robust security.
Vulnerability Management Commitment
Anthology prides itself on its vulnerability management program, governed by a public-facing Vulnerability Management Commitment and Disclosure Policy. They encourage responsible disclosure of security vulnerabilities, promptly addressing and resolving any identified issues. Clients are advised to prioritize software updates based on the severity rating systems provided.
Reporting Vulnerabilities
Anthology values the contributions of customers and security researchers in improving their product security. They have a Vulnerability Disclosure Program in place, urging the responsible disclosure of any vulnerabilities found in their solutions. Upon receiving a vulnerability report, Anthology acknowledges receipt, investigates in a timely manner, provides a resolution plan, and notifies the reporter once the issue is resolved.