Bigtincan | Trust Center

Resources

Showpad ISO 27001

Showpad ISO 27701

Showpad SOC 2 Type II

Content Hub ISO27001

Content Hub SOC 2 Type II

Audit in Progress. Please contact your sales rep for our current bridge letter.

Readiness Hub ISO27001

Readiness Hub SOC 2 Type II

Scorecards SOC 2 Type II

FAQs

Security and Compliance policies are currently unavailable in our Trust Center, but may be provided on a case by case basis. Please reach out to your Sales Representative for further information.
Showpad + Bigtincan reviews and updates all security and compliance policies and procedures on an annual basis.
Showpad currently maintains ISO27001 and ISO27701 certificates as well as SOC 2 Type II reports. Bigtincan currently maintains ISO27001 certificates and SOC 2 Type II Reports.
All Showpad and Bigtincan platforms adhered to the same level of policies and compliance framework requirements. The unique modular nature of Showpad and Bigtincan requires us to conduct multiple audits throughout the year to provide the highest level of trust possible to our customers.
The best source for which platform to request compliance documentation from will be your sales representative. However, customers are welcome to request documentation to all platforms as long as an appropriate Non-disclosure Agreement (NDA) is in place.
Showpad + Bigtincan ensures all data at rest is encrypted to AES 256 with all data in transit encryption to TLS 1.2 or higher.
Yes, Showpad + Bigtincan supports SSO.
Yes, Showpad + Bigtincan utilizes least privilege when granting access to all applications, operating systems, databases, and network devices.

Monitoring

Change Management

Change Management Policy
A Change Management Policy governs the documenting, tracking, testing, and approving of system, network, security, and infrastructure changes.

Availability

Business Continuity and Disaster Recovery Policy
Business Continuity and Disaster Recovery Policy governs required processes for restoring the service or supporting infrastructure after suffering a disaster or disruption.

Organizational Management

Acceptable Use Policy
An Acceptable Use Policy defines standards for appropriate and secure use of company hardware and electronic systems including storage media, communication tools and internet access.
Information Security Program Review
Management is responsible for the design, implementation, and management of the organization’s security policies and procedures. The policies and procedures are reviewed by management at least annually.
Background Checks
Background checks or their equivalent are performed before or promptly after a new hires start date, as permitted by local laws.

Confidentiality

Data Classification Policy
A Data Classification Policy details the security and handling protocols for sensitive data.

Risk Assessment

Vendor Due Diligence Review
Vendor SOC 2 reports (or equivalent) are collected and reviewed on at least an annual basis.

Access Security

Access Control and Termination Policy
An Access Control and Termination Policy governs authentication and access to applicable systems, data, and networks.