Vendor Name: Iseehear Inc. Life Sciences
Vendor Corporate Address: 250 University Avenue, Suite 200, Toronto, Ontario, Canada M5H 3E5
Vendor Contact Phone Number: 416-492-4358
Vendor Toll Free: 1 844 559 6322 (United States & Canada)
Vendor Customer Service: [email protected]
Vendor Corporate Website: www.Iseehear.info
Vendor Security Contact Name: ITSecurity
Vendor Security Email Address: [email protected]
Vendor Security Website: www.Iseehearsecurity.com
Product Name: SoftMouse.NET
Product Website: www.SoftMouse.NET
Product Description: Animal Colony Management System
Product Manual: www.softMouseFAQ.com
Product Tutorials: www.softMouseTraining.com
Product SandBox: Please contact customer service or ITSecurity for details
Describe your organization’s business background and ownership structure, including all parent and subsidiary relationships.
Iseehear Inc. Life Sciences is a private company that is funded by its two founding partners who have a combined 35 plus years providing internet and cloud application services. All development and IT operations are conducted in-house. We do not out-source or off-shore any aspect of our business operations. Please visit this link for additional corporate information about Iseehear Inc. Life Sciences https://Iseehear.info
Describe how long your organization has conducted business in this product area.
Iseehear Inc. Life Sciences released the first version of the SoftMouse.NET Colony Management System (CMS) in 2007. For additional information on the historical timeline of SoftMouse.NET please visit this page the History of SoftMouse. https://softmouse.net/softmouse-mouse-colony-management-database-timeline-history.jsp
Does Iseehear have existing corporate and higher education customers?
Yes. Iseehear Inc. Life Sciences has several hundred higher education, commercial customers in North America, South America, Asia Pacific and Europe.
Have Iseehear had a significant breach in the last 5 years?
No. No Breaches
Does Iseehear have a dedicated Information Security staff or office?
Yes. Our Information Security Management team consists of individuals from several of our key teams (cloud operations, internet presence, management and systems admin).
Does Iseehear have a dedicated Software and System Development team(s)? (e.g. Customer Support, Implementation, Product Management, etc.)
Yes. We have dedicated Software Development, Customer Service, Sales, Analitiks, Security, Quality Assurance, Cloud Operations and System Development teams in place.
Use this area to share information about your environment that will assist those who are assessing your company data security program.
Our system is hosted by Google Cloud Platform (GCP) and is implemented using Linux, Apache and MySQL technologies with well-understood performance, scalability and security properties. Our production environment cloud is separate from our test environment cloud. We also have a back-up production cloud for use in the event of service disruption. All clouds are hosted on the Google Cloud Platform in various locations in the United States, Canada and Europe. We have made significant efforts to conform to security industry best practices. Policies, documentation and SOP’s have been and new documents are continually created. In addition we have fully paid subscriptions to third party vendors such as Qualys.com, Sumologic.com, Cloudflare.com, Google Cloud Platform (GCP) and others to provide cloud monitoring, threat protection, DDoS protection, malware protection and various layers of encryption. We are committed to continuous self-assessment and self-certification processes that includes continuous full system scans using third party compliance scanning and assessment tools provided by Qualys, Sumologic, Cloudflare and GCP in order to identify and address vulnerabilities and threats.
Does Iseehear product process protected health information (PHI) or any data covered by the Health Insurance Portability and Accountability Act?
No. Our system processes only rodent (mouse and rat) colony and breeding management information.
Does the vended product host/support a mobile application? (e.g. app)
No. The SoftMouse.NET software and database website application service is hosted in the cloud.
Will institution data be shared with or hosted by any third parties? (e.g. any entity not wholly-owned by your company is considered a third-party)
Yes. The software and database application service is hosted on the Google Cloud Platform.
Does Iseehear have a Business Continuity Plan (BCP)?
Yes. Yes we do have a Business Continuity Plan.
Does Iseehear have a Disaster Recovery Plan (DRP)?
Yes. The Disaster Recovery Plan includes a secondary geographic Google cloud location in the State of Iowa. Encrypted customer data backups. Restoration of encrypted customer data backups are tested at regular intervals.
Will data regulated by PCI DSS reside in the vended product?
No. We use PayPal.com and Stripe.com to process all credit card payments. Both companies are PCI accredited.
Is Iseehear company a consulting firm providing only consultation to the Institution?
No. Iseehear not providing consultation.
Has Iseehear undergone a NIST audit?
Yes. At this time we have undergone a Third-Party NIST Assesment in 2021. We are in the process of organizing and preparing for certifications pertaining to several security frameworks including the SOC 2 Readiness Assessments.
Does Iseehear conform with a specific industry standard security framework? (e.g. NIST Cybersecurity Framework, ISO 27001, etc.)
Yes. We make every effort to conform with the standards outlined by the NIST Cybersecurity Framework and OWASP standards. To that end we have retained Compass IT Compliance ( https://www.compassitc.com/ ) to identify security vulnerabilities that may exist on the Iseehear Colony management platform and Cloud infrastructure. Compass IT Compliance now conducts annual penetration testing.
Is Iseehear compliant with FISMA standards?
No. While Iseehear in not a federal agency, we take measures to comply with the best practices set forth by NIST. Our Security policies map to the NIST Framework and we went through a NIST 3rd party risk assessment in September 2021.
Describe how you perform security assessments of third party companies with which you share data (i.e. hosting providers, cloud services, PaaS, IaaS, SaaS, etc.). Provide a summary of your practices that assures that the third party will be subject to the appropriate standards regarding security, service recoverability, and confidentiality.
Provide a brief description for why each of these third parties will have access to institution data.
In order to conduct reasonable and secure software-as-a-service business activities we must engage third party specialist service providers to assist in providing our end users with a complete service offering. Also retaining third party vendors are critical in order to be in compliance with tax authorities, privacy regulators and security frameworks.
What legal agreements (i.e. contracts) do you have in place with these third parties that address liability in the event of a data breach?
The legal contract that we rely on are third party vendors Terms of Service and Subscription Agreements as the basis of the contracts we have with these companies.
Describe or provide references to your third party management strategy or provide additional information that may help analysts better understand your environment and how it relates to third-party solutions.
All third party vendor vetting and relationships are managed by our Internet Presence Management team. With over twenty years of internet software development and e-commerce we are acutely aware of the need for and benefit of having redundancy in third party vendor relationships. We have two groups of third party vendors. Primary providers and secondary providers in the event of an emergency. We continuously review the usefulness and quality of services provided by our primary third party vendors by having regular discussions with our various internal teams. When a primary third party vendor deviates from our service expectations we seek out and switch to new primary vendors that meet our requirements. Secondary third party vendors are used solely for a limited time in the event of service disruption from a primary vendor.