Invision has completed the A-EP AOC, validated through a third-party QSA, and completed quarterly passing scans by a third party-approved scanning vendor (ASV) to achieve PCI-DSS v3.1 compliance.
InVision also uses a Level 1 PCI-certified payment processor, ensuring continued protection of customer credit card data throughout the transaction life cycle.
We use a third-party, top-tier datacenter that maintains a number of industry-recognized certifications, including: FedRAMP, ISO, SOC, PCI, and more.
Our hosting provider is also compliant with numerous regulations, privacy standards, and frameworks, including HIPAA, HITECH, GLBA, the EU Data Protection Directive, EU-US Privacy Shield, FISMA, and more than 30 others.
Our servers are hardened according to NIST standards and include file integrity monitoring (FIM), APT, and rootkit detection. All servers log to read-only SIEM with 24x7 monitoring and alerts.
All browser connections and communication is transmitted over SSL (TLS), ensuring data privacy and integrity. Our servers only support 128- or 256-bit cipher suites over TLS 1.1 or higher, protecting against unauthorized disclosure, modification, and replay attacks.
Encryption of authentication and session data
All authentication and session data is encrypted with AES-256, ensuring your account credentials and sessions remain protected and unreadable in a stored state.
We perform weekly internal and monthly external vulnerability scans to root out the latest in web, application, and system vulnerabilities. Additionally, we perform daily dynamic application scans using a leading web app security scanner.
Our consumer environment undergoes rigorous, third-party penetration testing annually to replicate the most malicious modern hacking attacks.
InVision participates in two leading bug bounty programs, allowing the world’s most gifted hackers and penetration testers an open invite to test our security measures. These dedicated environments are tightly controlled. No customer data is provided while allowing free access to our live application.
Dedicated security team
InVision employs a large 24/7 dedicated security team to manage and monitor our application and all related services.
Our Enterprise product includes all the security features of our Projects environment, as well as additional security measures and enhancements:
InVision Enterprise and private cloud environments complete an annual AICPA SOC audit. The SOC 2 report affirms a company’s effective controls related to the trust principles of security, privacy, confidentiality, availability, and processing integrity.
Dedicated web tier
Enterprise product customers receive a dedicated web tier with a custom URL, allowing a customized look-and-feel for their application instance.
InVision offers IP Whitelisting for Enterprise applications, which prevents access by anyone not explicitly authorized. This provides further protections against unauthorized access, account compromise, and brute force attacks.
Web application firewall
Our environment is protected with an enhanced WAF capable of detecting and blocking more than 600 web-based attacks and payloads. This market-leading security protection dynamically learns "normal" behavior and correlates this with threat intelligence crowd-sourced from around the world and updated in real time.
Distributed denial of service (DDoS) protection
InVision uses the leading DDoS protection solution with the highest capacity and largest Internet presence in the world. Our cloud-based DDoS protection automatically detects and mitigates all types of layer 3, 4, and 7 attacks on a network fully capable of handling the largest DDoS attacks ever recorded.
Intrusion detection and prevention
The InVision Enterprise environment is equipped with the latest in network security monitoring and prevention tools. These are all specifically designed to detect and prevent malicious attacks against our customers, our site and our services.
Two-factor authentication or multi-factor authentication (2FA/MFA)
Our Enterprise accounts include two-factor authentication, a best practice to secure access. Enterprise administrators can enforce this security measure account wide.
Single sign-on (SSO)
Single sign-on provides our customers with seamless application access while enforcing company security requirements through authentication rules. SSO is supported over SAML 2.0 and OAuth 2.0.
Our private cloud offering includes all security features of our Projects and Enterprise environments, as well as additional security measures and enhancements:
Dedicated web, app, and database tier
Complete dedicated single-tenant presentation, application, and database tiers provide complete isolation of customer data flow from input to database.
Access to application logs
Private cloud allows full access to view or export application logs, as well as using CloudWatch for greater insight, monitoring, and metrics.
Encryption at rest
All data, not just authentication and session data, is encrypted using AES-256. HSM’s are used for encrypt and decrypt functions, as well as the storage of security keys. Keys are rotated annually and managed with dual control.
Advanced container security tooling
InVision uses one of the most advanced container security tools on the market, exclusively in our private cloud environments. This tooling has advanced features such as automated hardening of images, continuous vulnerability scanning, real-time patching, real-time threat and anomaly detection, role-based access control, policy enforcement, and much more.
We never stop iterating to improve security.
At InVision, we’re committed to designing the most secure environments for your collaborative team. We work with security experts across the globe to stay up to date with the latest security techniques and deploy the best security measures.
If you have discovered a security issue you believe we should know about, we'd love to hear from you. (We also offer a bug bounty program, so let us know about it—and get paid!)