Security & compliance · for our people

Your data deserves the same posture our customers' data gets.

ZERO is InterScripts' internal operating platform. The same security posture we maintain for customer-facing services — HITRUST r2, ISO 27001, SOC 2 Type II, CMMI Level 3 — is the bar this platform meets for employee data, too.

InterScripts certifications you inherit

HITRUST r2: Certified
InterScripts holds an active HITRUST r2 certification covering its production environments.

ISO 27001: Certified
Information security management system aligned to ISO/IEC 27001.

SOC 2 Type II: Certified
Annual SOC 2 Type II report from an independent CPA firm.

ISO 9001:2015: Certified
Quality management system across delivery practices.

CMMI Level 3: Appraised
Process maturity at CMMI Level 3 for software development and services.

GSA Schedule 70: Active
Federal contracting under GSA Schedule 70 with current contract performance.

What ZERO does with your employee data

Minimum needed. Logged. Reversible.

Data minimization
We pull only what the platform actually uses from Microsoft 365 — name, email, country, employee ID, manager. Not your phone or home address.
Field-level redaction
Sensitive fields (SSN, tax ID, bank account) are encrypted at the application layer and never appear in logs.
Every mutation audited
An immutable audit_event row is written for every change. Retained 7 years. Available to you on request.
GDPR-aligned rights
Access, rectification, erasure, and portability workflows — for any employee, regardless of country.
Country-aware retention
HR retention follows country policy packs. Editing 2026 policies never alters 2025 history.
No advertising. No re-sale.
Your data is used to operate the platform. Period. No third-party advertising, no profile re-sale.
How tenant isolation works

Three walls have to fail before a leak can happen.

ZERO is architected to be multi-tenant from day one — even though InterScripts is the only tenant today. Designing for isolation now means the architecture stays defensible if we ever extend ZERO to customer organizations.

1. PostgreSQL schema grants

Each tenant lives in its own Postgres schema. A query against another tenant's tables fails at the database, not in application code.

2. Per-request connection context

Before any query, the database connection sets search_path and tenant_id. The Prisma client refuses to run queries until both are set.

3. Row-level security

As defense in depth, sensitive tables enforce RLS keyed on the connection's tenant id. Even if application code has a bug, the query still has to pass the RLS check.
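The three walls above, shown as an added PostgreSQL example; this is constructed to illustrate the pattern and is not ZERO's actual schema. The schema name tenant_acme, the role zero_app and the custom setting app.tenant_id are assumed names, and the login role is assumed to be a member of zero_app.

```sql
-- Constructed example: one schema per tenant, a per-connection tenant id
-- carried in a custom setting, and row-level security as the third wall.

-- Wall 1: schema grants. The application role can reach only its tenant's schema.
CREATE SCHEMA tenant_acme;
CREATE ROLE zero_app NOLOGIN;
GRANT USAGE ON SCHEMA tenant_acme TO zero_app;
REVOKE ALL ON SCHEMA public FROM zero_app;   -- nothing reachable outside the tenant schema

CREATE TABLE tenant_acme.employee (
    id        bigserial PRIMARY KEY,
    tenant_id text NOT NULL,
    email     text NOT NULL,
    country   text NOT NULL
);
GRANT SELECT, INSERT, UPDATE, DELETE ON tenant_acme.employee TO zero_app;

-- Wall 3: row-level security keyed on the connection's tenant id.
-- current_setting(..., true) yields NULL when the setting is absent, so a
-- request that forgot to set its context matches no rows (fails closed).
ALTER TABLE tenant_acme.employee ENABLE ROW LEVEL SECURITY;
ALTER TABLE tenant_acme.employee FORCE ROW LEVEL SECURITY;  -- binds the table owner too

CREATE POLICY employee_tenant_isolation ON tenant_acme.employee
    FOR ALL TO zero_app
    USING      (tenant_id = current_setting('app.tenant_id', true))
    WITH CHECK (tenant_id = current_setting('app.tenant_id', true));

-- Wall 2: per-request connection context. Each request runs in a transaction
-- and uses SET LOCAL, so the values die with the transaction and cannot leak
-- to the next request that reuses the same pooled connection.
BEGIN;
SET LOCAL ROLE zero_app;
SET LOCAL search_path TO tenant_acme;
SET LOCAL app.tenant_id = 'acme';

INSERT INTO employee (tenant_id, email, country) VALUES ('acme', 'a@acme.example', 'US');

-- A query whose author forgot the tenant filter still returns only 'acme' rows.
SELECT id, email, country FROM employee;
COMMIT;

-- A write tagged for a different tenant is rejected by the WITH CHECK clause,
-- even though the application code issued it; roll the request back.
BEGIN;
SET LOCAL ROLE zero_app;
SET LOCAL search_path TO tenant_acme;
SET LOCAL app.tenant_id = 'acme';
INSERT INTO employee (tenant_id, email, country) VALUES ('globex', 'x@globex.example', 'US');
ROLLBACK;
```

The same pattern can be audited from the defender's side: any table holding employee data should show rowsecurity = true and relforcerowsecurity = true in pg_class, and every policy should reference the same setting name.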

Encryption

In transit. At rest. At the field level when it matters.

TLS 1.2+ minimum (1.3 preferred). AES-256 at rest under Azure-managed keys, with customer-managed keys available for any deployment that handles employment-health information. Quarterly key rotation rehearsed.

TLS 1.2+: 1.3 preferred
AES-256 at rest: Azure-managed or CMK
MFA enforced: Entra Conditional Access
Audit on every mutation: immutable, partitioned
Per-tenant export: SAS-scoped, time-boxed
Break-glass: JIT + double approval

Incident response

If we ever have a confirmed security event affecting employee data, you'll hear from us within 72 hours. Postmortems shared within 30 days. Quarterly tabletop drills.

Disaster recovery

Geo-redundant backups. RTO < 4 hours, RPO < 15 minutes for the production database. DR rehearsed quarterly in a staging environment.

Vulnerability management

Continuous dependency scanning. Annual independent penetration test. Internal security review required on every PR touching auth, RBAC, or data persistence.

Questions about your data?

Reach the InterScripts security team. We answer in one business day.

Email security@interscripts.com