Trust & Security

From product to platform to physical security, PROS dials in the international standards and then asks: What else can we do?

• Our cloud utilizes strategically positioned data centers within the Global Microsoft Azure network to minimize latency and provide primary and secondary pairs for backup.
• We base PROS Secure Development Lifecycle (SDL) on industry best practices and tailor it to fit the Agile methodology, including threat modeling, security testing at the code level to ensure vulnerabilities are identified early and regular vulnerability scanning of the PROS Cloud environment.
• We regularly test key controls, systems and procedures in our information security program to validate their effectiveness in addressing threats and risks.
• We conduct penetration testing and perform a Final Security Review (FSR) of all security activities before each version of the software is released.
• We conduct frequent internal audits, annual independent third party audits and risk assessments in order to continuously monitor the threat landscape.
• We hand you full IT service management, including stack monitoring and operations, disaster recovery and capacity management - all with an application-level SLA.

Our secure architecture includes access control, multi-factor authentication, encryption and state-of-the-art defenses against cyber-attacks. PROS provides the security and availability features you demand of a mission-critical application:

• SOC2 and ISO 27001 certified environments with ITIL incident and change management.
• PCI and HIPAA compliant environments available, if needed.
• Strict enforcement of information security policies and annual security training for all employees.
• Industry standard firewalls and intrusion detection/prevention.
• All customer instances and data logically isolated.
• Enterprise change management program including security patching on all systems.