To create a profile you must have received a Merit from a Sigma verified Organization. If you have received a Merit and need us to track it down please enter your email below.
A claimed user with that email already exists! Try loggin in or resetting your password instead.Login
Last Modified: July 13, 2018
We want you to have confidence and peace of mind every time you use Sigma. We take security seriously and protecting users and organizations is always our first priority. We want you to have a clear idea of the steps that we take, the tools that we use, and how you can help. First of all, our user, organization, and business data is safeguarded by industry-best, market-leading security solutions in a layered security approach.
All application communication is protected by enterprise-grade encryption. We utilize the latest recommended secure cipher suites to encrypt all traffic in transit. This includes TLS 1.2 protocols, AES256 encryption, and SHA2 signatures. Sigma engineers monitor the changing cryptographic landscape and upgrade our cipher suite choices as best practices evolve. At rest, all types of data are encrypted using FIPS 140-2 compliant encryption standards.
Our production systems and data reside in top-tier third-party data centers that maintain state-of-the-art physical protection and monitoring. Our data centers hold multiple industry-recognized certifications, including FedRAMP, ISO, SOC, and PCI. Sigma’s hosting provider is also compliant with various regulations, privacy standards, and frameworks, including HIPAA, HITECH, GLBA, the EU Data Protection Directive, EU-US Privacy Shield, and FISMA.
A proactive approach to security means that our engineers stay ahead of emerging threats. That’s why we actively scan our network, our endpoints, and our source code for new security updates and modifications needed to prevent attacks.
Staying secure is a continuous and comprehensive process. Maintaining a culture that values security and continuous improvement enables us to prevent vulnerabilities. To those ends, we train our team members throughout the year on staying vigilant against the latest attack trends and then test our staff’s awareness through realistic attack simulations—and then block any attacks as they happen.
We are always looking to improve and you are welcome to help us do so. If you notice anything suspicious such as a vulnerability or what may be an attack in progress (e.g., phishing, account compromise), please contact our security team at firstname.lastname@example.org.
If you would like to ensure end-to-end privacy, please encrypt your emails using our GPG key.