Security

Published Date: 18-09-2020

Product Summary

Sinergify, a Salesforce and Jira connector, is a product from the house of Grazitti Interactive. Since its inception in 2016, Sinergify has come a long way and helped many companies digitally transform and build a synergistic workspace. Sinergify is the best-of-breed connector for Salesforce and Jira integration as it allows the integration of all standard and custom Salesforce objects with Jira products (both cloud and on-premises).

Secure Software Development Life Cycle

Sinergify’s product lifecycle includes a framework, governance, and a set of tools, checkpoints, and industry best practices that enable Sinergify to ensure business readiness throughout the product lifecycle. Product planning, release management, execution, risk management, decision making, application security checks, and performance monitoring are integrated activities in the product lifecycle.

Requirement Gathering and Analysis

During this phase, the new features and their objectives are decided. On-demand functionality can also be included depending on feasibility. Once the requirements are finalized, the SRS (Software Requirement Specification) document is created and shared with the development team to start implementing these requirements.

Solution Design and Development

The development team will build the product according to the frozen requirements. Any additions to the code base, metadata, data dictionaries, data flow diagrams, and logical diagrams will be done at this stage.

Testing

Testing starts when development is complete and the modules are released. In this phase, the developed system undergoes functional testing, cross-browser testing, responsive testing, integration testing, and regression testing.

UAT

Beta testing is performed by the testing team. The goal of UAT is to ensure that product enhancements are working as per the acceptance criteria. The documentation and training videos are also created at this level.

Deployment

The product enhancements are pushed to the AppExchange after successful UAT and on receiving sign-off from QA.

Support

Grazitti provides full-time support to the business throughout the contract period post-Go-Live. Any issues encountered with the out-of-the-box functionality of the product or with customizations are taken care of by the Professional Services team at Grazitti.

Privacy by Design

Grazitti Interactive has adopted the principle of privacy by design and has built in appropriate security controls in Grazitti products. Grazitti has an information security group that works with the engineering team during product development to evaluate security and privacy risks and implement security measures/safeguards to mitigate such risks and comply with the applicable laws/standards. The use of techniques such as data minimization and pseudonymisation is also considered where appropriate and applicable.

Grazitti ensures that the definition and planning of all new or significantly changed systems that collect or process personal data will be subject to due consideration of privacy issues, including the completion of data protection impact assessments.

Sinergify as a product does not collect any personal data; however, we may collect data through the use of our product’s website. See the Sinergify website privacy notice at: https://www.sinergify.com/legal/privacy-policy/

Vulnerability Management

Sinergify is built with Salesforce security requirements and best practices as a priority. Every package update goes through the Salesforce security review, a Checkmarx report (static code analyzer), and ZAP to test the integration API. Everything from permissions to Apex, code quality, SOQL injection, XSS, XSRF, and JavaScript High Risk is taken care of before every release.

Sinergify Security Issues Remediation

Sinergify customers can report security issues or concerns to the Sinergify support team by email at support@sinergify.com. Sinergify maintains and tracks the issues identified or reported by customers via email.

Bugs found during product development or testing, or triggered by customers, including suspected and confirmed security gaps, are documented and resolved before the product release.

Security Certifications

Security and compliance are top priorities for Grazitti because they are fundamental to securing data, eliminating system vulnerabilities, and ensuring business continuity. Security is a key component in our offerings and is reflected in our people, processes, services, and products. Grazitti uses a variety of industry-standard technologies to secure data from unauthorized access, disclosure, use, and loss.

Grazitti Interactive is ISO 27001:2013, ISO 27701:2019, and HIPAA certified. Grazitti Interactive also has SSAE 18 SOC 1 and SOC 2 Type 2 reports that demonstrate how the company achieves key compliance controls and objectives. Access to these reports will be given on request after the execution of the NDA.

For a complete list of Grazitti Compliance & Certifications, please visit: https://www.grazitti.com/company/security-and-compliance/