Sprinklr maintains comprehensive security standards to help reduce risk for our customers. We support industry-standard controls and offer a number of features to help protect your brand.
Security and Governance Feature Overview
Sprinklr specialises in security and brand reputation protection across all modern channels, using a multi-layered, enterprise-grade SaaS security feature set combined with best-in-class configuration, policies, procedures, and processes.
Sprinklr 10-Point Security Checklist
We have gathered the ten best practices for social access security: your “10-Point Security Checklist”. While this is not 100% foolproof, it will go a long way towards protecting your brand.
Sprinklr follows OWASP (Open Web Application Security Project) standard security controls for application security. The Sprinklr SaaS application is developed internally by full-time Sprinklr employees who receive annual training on secure coding practices. Each release follows the change management process and undergoes thorough testing and QA to remedy any vulnerabilities.
Penetration Testing
Sprinklr performs periodic application penetration testing. The latest pen test report is available upon request, under NDA.
DDoS Mitigation
The Sprinklr application sits behind firewalls jointly managed by the Cloud Provider and Sprinklr. In addition, all internet traffic terminates at load-balancing servers with dynamic IP addresses. Sprinklr continuously monitors the key parameters of all services for any unusual activity.
Responsible Disclosure Policy
Sprinklr uses a third-party VDP platform for managing security vulnerabilities (continuous testing) reported by the security community. For more information, please see https://www.sprinklr.com/responsible-disclosure
Sprinklr’s production environment is completely virtual, running in an Infrastructure as a Service third-party cloud environment. The Cloud Hosting Provider operates Tier IV data centres where visitor access is restricted. Data centres are designed to anticipate and tolerate failure while maintaining service levels. The Sprinklr office facilities are equipped with CCTV video surveillance systems at all access points and a guard is on site 24/7.
Availability and Reliability
Sprinklr offers its service in High Availability mode, and the service runs in two different (and isolated) zones. Failover testing is performed periodically.
Penetration Testing
Sprinklr performs periodic infrastructure penetration testing. The latest pen test report is available upon request, under NDA.
Incident Response Plan
The Sprinklr Support team uses a follow-the-sun schedule to provide 24/7 support for issues, critical problems and incidents. India-based Product Support Engineers work during the UK daytime, and US-based Product Support Engineers take over, working staggered shifts during the UK nighttime. This coverage is provided 365 days a year.
Disaster Recovery
Automated processes are in place to restore the service using the backup data and code stored in a secondary location. Automation can restore the entire service well within the defined Recovery Point Objective (RPO) and Recovery Time Objective (RTO).
Data Encryption
Sprinklr encrypts all Data at Rest (including backups).
As Sprinklr is SaaS, network-level security is managed by the Cloud Provider and application-level security is managed by Sprinklr. HIDS, Firewall and various Health Monitoring tools and alerting systems are deployed on the network.
Data Encryption
Sprinklr encrypts all Data in Transit using HTTPS with TLS encryption.
Sprinklr has incorporated data security and data privacy through multiple features as detailed below.
Access Permissions
Sprinklr defines user access permissions using a role-based access control (RBAC) approach, which determines the access privileges each user requires. Customised permissions and configured roles are assigned to users depending on requirements.
Access Control
Each Sprinklr user gets their own unique username. User passwords are stored one-way hashed with a random salt.
Two-Factor Authentication (2FA)
Account owners and administrators may require users to activate this additional security layer as a second line of defence. Sprinklr supports SMS-based multi-factor authentication.
Single Sign-On (SSO)
Sprinklr offers Single Sign-On (SSO) for organisations that use this authentication service to give employees one set of login credentials for access to multiple applications.
IP Restriction
Access to the Sprinklr platform can be restricted to selected IP addresses via IP whitelisting.
All employees are given data security and data privacy training upon hiring and annually thereafter. Employees also take regular training and tests on phishing and social engineering.
Information Security and Privacy Policies
Sprinklr has detailed security and privacy policies in place. The policies are reviewed on an ad-hoc basis, and at least annually.
Background Checks
During the hiring process, employees undergo thorough background checks, including DBS and right-to-work checks.
Endpoints
Employee workstations are equipped with full-disk encryption, anti-virus software and remote wipe capabilities.
SOC 1 Type II and SOC 2 Type II
Sprinklr has been awarded independent certification for SOC 1 Type II and SOC 2 Type II.
These SOC certifications are renewed annually and are available under NDA.
EU-US & Swiss-US Privacy Shield
Sprinklr maintains the E.U.-U.S. Privacy Shield and Swiss-U.S. Privacy Shield certifications covering the transfer of personal data from the EEA and/or Switzerland to the U.S.
GDPR
Sprinklr is General Data Protection Regulation (GDPR) compliant and adheres to its requirements both as a data processor and as a data controller.
CCPA
Sprinklr is compliant with the California Consumer Privacy Act (CCPA).
Payment Card Industry Data Security Standard (PCI DSS) Compliant
Our platform is built on ensuring the privacy and security of our customers. Brands that accept credit card payments need a Cardholder Data Environment (CDE) that is Payment Card Industry Data Security Standard (PCI DSS) compliant. When accepting personal information from your customers, ensuring their data is protected is non-negotiable.
Sprinklr is certified PCI DSS compliant, validated through a self-assessment and third-party review by a Qualified Security Assessor (QSA) or an Attestation of Compliance (AOC). Sprinklr’s Modern Care is the first area of the platform to support this, via our Live Chat feature.
Sprinklr’s CDE allows brands to receive PCI-protected information from their customers using Sprinklr Live Chat. Care agents can collect a customer’s credit card data and Personally Identifiable Information (PII) in a PCI-compliant secure environment without moving between communication channels. This saves time and increases purchase conversions while keeping customers happy and their information protected.