SaaS Security For ITSM
Our systems are designed to ensure the confidentiality, integrity, availability, and privacy of you and your employees on any platform, including AWS GovCloud.
Compliant and Certified
Maintaining compliance and certification is reliant on the expert implementation of fundamental, effective security and privacy practices such as role-based access control, principle of least-privilege, encryption in transit and at rest, and multi-factor authentication.
Espressive is compliant with SOC 2 Type 2.
Espressive complies with the General Data Protection Regulation when handling all customer data, both inside and outside of the EU.
Espressive complies with the HIPAA encryption requirement set, including those requirements specific to the HITECH Act.
Espressive is running in AWS GovCloud in the United States.
Espressive complies with the California Consumer Privacy Act regarding personal information.
Espressive is ISO 20243 certified.
Espressive has established CSA Star Level One, Self-Assessment certification to provide complete transparency into our security posture and security controls.
Top Security is Our Top Priority.
Establishing a secure system requires constant work to ensure our customers can rest assured their data is safe and protected.
Security is at the core of what we do. Here’s how we put it into action everyday.
Comprehensive security testing methodologies, including coverage for various attack vectors
Annual third-party penetration testing, led by a FedRAMP Third-Party Assessment Organization (3PAO)
Static and dynamic security testing integrated into the CI/CD pipeline
A Vulnerability Management Program and related Service Level Agreement (SLA) that meet, and often exceed, the minimum FedRAMP remediation requirements
The implementation of security information and event management (SIEM) continuous monitoring, an intrusion detection (IDS) and intrusion prevention system (IPS), audit logging, and continuous dynamic application security testing (DAST) to protect customer and internal data
Adherence to the U.S. government’s security requirements; industry best-practices based on NIST 800-53 controls
Implementation of secure virtual hardware
Comprehensive, required training on secure coding best practices for all engineers
Collaboration with government bodies to ensure the most stringent policies
Privacy By Design
No multi-tenancy
Every customer tenant in the Barista Employee Language Cloud, our domain-specific large language model, is a private and secure data repository that prohibits sharing of data across customers.
Privacy first
Espressive Barista was designed to ensure that every employee’s privacy is maintained, so any interaction with Barista used to build out our Employee Language Cloud is anonymized.
Smart Ticketing
Organizations can rest assured that tickets are routed to the right service desk team so that teams see only the tickets that were meant for them (i.e., IT cannot see HR interactions, etc.).
Modern Apps Require a Modern Architecture
Unlike legacy ITSM solutions that use per-customer virtual machines (VMs) that have upper performance limits, Espressive was designed with performance in mind by taking advantage of an elastic architecture with a modern, container-based design.
In addition, Espressive Barista is a SaaS solution, which means that customers don't need to worry about upgrades, testing, etc.
