Security

Application Security

Sprinklr follows OWASP (Open Web Application Security Project) standard security controls for application security. The Sprinklr SaaS application is developed internally by Sprinklr full-time employees who are provided annual training on secure coding practices. Each release follows the change management process and undergoes thorough testing and QA, and vulnerabilities are remediated.

Penetration Testing

Sprinklr performs periodic application penetration testing. The latest pen test report is available upon request under NDA.

DDoS Mitigation

The Sprinklr application sits behind firewalls jointly managed by the Cloud Provider and Sprinklr. In addition, all internet traffic terminates in load balancing servers with dynamic IP addresses. Sprinklr continuously monitors the key parameters for all services or any unusual activity.

Responsible Disclosure Policy

Sprinklr utilizes a third-party VDP platform for managing security vulnerabilities (continuous testing) reported by the security community. For more information, please refer to https://www.sprinklr.com/responsible-disclosure

Infrastructure Security

Sprinklr’s production environment is completely virtual, running in a third-party Infrastructure-as-a-Service cloud environment. The Cloud Hosting Provider operates Tier IV data centers where visitor access is restricted. Data centers are designed to anticipate and tolerate failure while maintaining service levels. Sprinklr office facilities have CCTV video surveillance systems installed at all access points and a guard is on site 24/7.

Availability and Reliability

Sprinklr offers its service in High Availability mode and the service runs in 2 different (and isolated) zones. Failover testing is performed periodically.

Penetration Testing

Sprinklr performs periodic infrastructure penetration testing. The latest pen test report is available upon request under NDA.

Incident Response Plan

The Sprinklr Support team uses a follow-the-sun schedule to provide 24/7 support for issues, critical problems and incidents. Product Support Engineers work staggered shifts during the US daytime, and India-based Product Support Engineer(s) take over for the US night shift (India day). This coverage is provided 365 days a year.

Disaster Recovery

Automation processes are in place to restore the service from the backup data and code in the secondary location. Using automation, the entire service will be restored well within the defined Recovery Point Objective (RPO) and Recovery Time Objective (RTO).

Data Encryption

Sprinklr encrypts all Data at Rest (including backups).

Network Security

As Sprinklr is SaaS, network-level security is managed by the Cloud Provider, with application-level security managed by Sprinklr. HIDS, firewalls and various health monitoring tools and alerting systems are deployed on the network.

Data Encryption

Sprinklr encrypts all Data in Transit using HTTPS with TLS encryption.

Product Security

Sprinklr has incorporated data security and data privacy via multiple features as detailed below.

Access Permissions

Sprinklr defines user access permissions and a role-based access control (RBAC) approach, which together determine the access privileges each user requires. Customized permissions and configured roles are assigned to users as required.

Access Control

Each Sprinklr user gets their own unique username. User passwords are stored one-way hashed with random salt.

Two-Factor Authentication (2FA)

Account owners and administrators may require that their users leverage this additional security layer as a second layer of defence. Sprinklr supports SMS-based multi-factor authentication.

Single Sign-On (SSO)

Sprinklr offers Single sign-on (SSO) for organizations that leverage this authentication service to give employees one set of login credentials to access multiple applications.

IP Restriction

Access to the Sprinklr platform can be restricted to selected IP addresses via IP whitelisting.

HR, Security and IT

All employees are provided data security and data privacy training at the time of hire and annually thereafter. Employees are also regularly tested against phishing and social engineering.

Information Security and Privacy Policies

Sprinklr has detailed security and privacy policies in place. The policies are reviewed on an ad hoc basis and at least annually.

Background Checks

Thorough background checks, including criminal and employment verification, are performed on all employees during the hiring process.

Endpoints

Employee workstations are equipped with full-disk encryption, anti-virus and remote wipe capabilities.

Compliance and Certifications

SOC 1 Type II and SOC 2 Type II

Sprinklr has received independent certification of SOC 1 Type II and SOC 2 Type II.
These SOC certifications are renewed annually and are available under NDA.

EU-US & Swiss-US Privacy Shield

Sprinklr maintains the E.U.-U.S. Privacy Shield and Swiss-U.S. Privacy Shield certifications regarding the transfer of personal data from the EEA and/or Switzerland to the U.S.

The certifications can be viewed here.

GDPR

Sprinklr is GDPR compliant and adheres to the requirements under the General Data Protection Regulation as a data processor and as a data controller.

CCPA

Sprinklr is compliant under the new CCPA regulation.