Security & Compliance Regulations

Security Built on Trust. Genea Security and Visitor Management customers across 27 countries trust Genea with their security. With up-to-date data security, we have helped everyone from startups to Fortune 50 enterprises succeed in keeping their information safe in an ever-changing world of security. See what we can do for you.

System & Organization Controls

SOC 2 is a set of security controls created by The American Institute of Certified Public Accountants (AICPA) to ensure data is safely and securely stored. Genea is SOC, Type 2 compliant. For customers that would like a copy of our SOC 2, Type 2 report, please contact us.

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) governs data protection and privacy for all individuals and citizens of the European Union (EU) and European Economic Area. Genea complies with GDPR, Penetration Testing is also performed regularly. Through this testing, Genea scrupulously evaluates its IT infrastructure by safely exploiting its vulnerabilities.

California Consumer Protection Act (CCPA)

The CCPA is California’s version of the GDPR implemented in the European Union (see above).  Genea follows CCPA regulations, so consumers know how their data is collected, used and stored.

Underwriter Laboratories (UL)

Underwriter Laboratories is a safety organization that sets industry-wide standards on new products and continually checks these products to ensure compliance. The UL-listed icon signifies thorough testing of a product against safety standards, including fire and electric shock. To view all hardware with the UL certification, visit the UL Product IQ website.

Security Features & Processes

Security Features & Processes

Network Segmentation & Role-Based Access Control

To improve cybersecurity, Genea employs strict network segmentation and isolation of environments and services in place. We use Separation of Environments, Network Segregation, Segregation of Duties and strict role-based access control on a documented, authorized and need-to-use basis. We use key management services to limit access to information.

Data in Transit

Genea makes sure all communication between their software and servers stays protected. The security uses 256-bit-encrypted HTTPS protocol — TLS (Transport Layer Security) 1.2 and above. Anyone or anything, including a supercomputer that attempts to pry, may take years to crack the decryption combination.

Data in Rest

Genea uses an encrypted database within AWS. Industry standard AES-256-bit encryption is used.

SAML-Based SSO

Authenticate Genea applications with SAML 2.0, single sign-on (SSO).

Two-Factor Authentication

Configure two-factor authentication to add an extra layer of security used to make sure that people trying to gain access to an account are who they say they are.

Cloud Infrastructure

Our infrastructure incorporates best practices from the Amazon Web Services (AWS) Adoption Framework, giving you optimal security.

Host Security

Genea’s host security includes industry-leading anti-virus, anti-malware, intrusion prevention systems and intrusion detection systems.

Vulnerability Assessment & Penetration Testing

Genea selects an external vendor to target the assets of our software which are visible on the internet.  The external assessor inspects the entire software using various techniques such as cross-site scripting, SQL injection and backdoors etc. Genea also employs an in-house network security team who run manual and automated vulnerability assessment and penetration tests time to time to ensure that we follow the OWSP top10. Our networks are continuously being monitored by industry leading products.

Incident & Change Management

Genea has an aggressive stance on Incident Management when it comes to system downtime and Security and Network Operations. We have an Information Security Management System that quickly reacts, remediates or escalates any incidents arising out of planned or unplanned changes.

Apache Log4j2

In response to the reported vulnerability CVE-2021-44228 in the Apache Log4j2 Java library, Genea has been conducting a thorough review of its products, repositories and packages to determine any potential impact on our services or customers. Our findings indicate that Genea’s products and services are not affected by CVE-2021-44228. Our devices or platform itself do not utilize Apache Log4j.

Our cloud hosting providers AWS and Azure are aware of this vulnerability. They are actively monitoring this issue and working to address it for any of their services that may be using Log4j2.

AWS: Apache Log4j2 Issue (CVE-2021-44228)

Azure:  Apache Log4j2 Issue (CVE-2021-44228)

We will continue to monitor the situation and provide updates when additional information becomes available.