SnapEval Security Statement
Created: July 2014
Last Updated: January 2024
Overview
The SnapEval team has extensive experience managing enterprise and application security. We employ industry best practices to ensure application and back office management security at all layers for our SnapEval and Spotlight cloud and mobile app-based products. SnapEval follows NIST SP 800-53 protocols and the NIST Cybersecurity Framework for risk assessments. We employ OWASP best practices for secure software development and perform regular vulnerability scans of our systems. This statement provides a brief overview of our security practices. More information is available upon request.
Data Classification
The database used with SnapEval and Spotlight has been designed to house minimal data about each employee, including employee name, email address and job title. The database is also designed to house qualitative and quantitative job performance feedback about each employee.
Data Encryption
Strong encryption is the backbone of SnapEval’s protection mechanisms for back office management. All data in motion is encrypted, utilizing TLS 1.2.
Cloud Platform Service Provider
SnapEval exclusively utilizes Amazon Web Services for hosting and platform services. Annually, Amazon publishes an AICPA SOC 2 Type II report that provides attestation to Amazon’s control environment across security, privacy, availability, processing integrity and confidentiality. SnapEval reviews this report annually for continued assurance as to Amazon’s overall approach to security and that Amazon has seen no issues arise that would cause concern about continuing to use Amazon as the cloud platform for our products. The report itself is provided by Amazon to SnapEval under NDA and cannot be shared by us with other third parties. However, arrangements can be made if a client requests to review the report.
Please direct questions regarding SnapEval security to Mike Pinch at mike@snapeval.com.