Organizational Security
Security is a focus for everyone at Sounding Board. All employees receive security and privacy training in their first two weeks at Sounding Board to keep both Sounding Board and customer data safe and secure. Every year, we work with our team to ensure that they understand the importance of security and, crucially, how to make security a practical, everyday part of their work.
Our security and privacy team ensures that security awareness and initiatives continually permeate the organization.
Architectural Security
Data Encryption
Sounding Board encrypts all customer data while it is at rest. That means that when the data is not being used or accessed, it is stored in encrypted form. This is a fundamental design characteristic of the Sounding Board technology. We use the Advanced Encryption Standard (AES) algorithm with a key size of 256 bits, and the keys are managed by our database provider (MongoDB).
Transport Layer Security (TLS) protects user access via the internet, helping to secure network traffic from passive eavesdropping, active tampering, or message forgery. We utilize 128-bit SSL encryption for this.
Single-Sign-On Support
SAML 2.0 allows for a seamless single-sign-on experience between the customer’s internal web portal and Sounding Board. Customers log in to their company’s internal web portal using their enterprise username and password and are then presented with a link to Sounding Board, which automatically grants them access without having to log in again.
Sounding Board Native Login
Sounding Board offers username/password authentication through our Native Login. Your email address is your unique identifier in the system. Sounding Board requires users’ passwords to meet the following requirements:
- More than 8 characters
- One uppercase letter
- One lowercase letter
- One symbol (!@#$%^&*, etc.)
- One number (1234567890)
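The following is an added example, not Sounding Board’s code: it checks a candidate password against the five Native Login requirements above and reports which ones are unmet, as a registration form would need to. The page does not define “symbol” beyond the characters it lists, so treating any printable non-alphanumeric, non-space character as a symbol is an assumption made here.

```python
# Added example (not Sounding Board's code). Validates a password against
# the Native Login policy listed on the page and returns the unmet rules.

MIN_LENGTH_EXCLUSIVE = 8  # "more than 8 characters" means 9 or more
DIGITS = "1234567890"     # the digit set exactly as the page lists it


def is_symbol(ch: str) -> bool:
    """Assumption: a symbol is any printable character that is neither a
    letter, a digit nor whitespace (covers !@#$%^&* and similar)."""
    return ch.isprintable() and not ch.isalnum() and not ch.isspace()


def unmet_requirements(password: str) -> list[str]:
    """Return the policy requirements the password fails, in page order.
    An empty list means the password satisfies the policy."""
    failures = []
    if len(password) <= MIN_LENGTH_EXCLUSIVE:
        failures.append("more than 8 characters")
    if not any(c.isupper() for c in password):
        failures.append("one uppercase letter")
    if not any(c.islower() for c in password):
        failures.append("one lowercase letter")
    if not any(is_symbol(c) for c in password):
        failures.append("one symbol")
    if not any(c in DIGITS for c in password):
        failures.append("one number")
    return failures


def meets_policy(password: str) -> bool:
    """True only when every requirement is satisfied."""
    return not unmet_requirements(password)


if __name__ == "__main__":
    # Constructed sample inputs: an 8-character password is rejected on
    # length alone, while the 9-character variant passes.
    for candidate in ("Abcdef1!", "Abcdefg1!", "abcdefghi", "ABCDEFGH1!"):
        print(repr(candidate), unmet_requirements(candidate))
```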
Physical Security
Sounding Board applications are hosted on the Google Cloud Platform (GCP). Google Cloud Platform’s physical security controls are reviewed annually as part of Sounding Board’s vendor management program.
Network Security
Sounding Board has established detailed operating policies, procedures, and processes designed to help manage the quality and integrity of the Sounding Board environment. Google Cloud Platform firewall rules are configured to block unauthorized inbound network traffic from the internet. In addition, monitoring software is used to identify vulnerabilities and security events on the network, servers, and database and is configured to alert personnel to possible or actual security breaches.
Application Security
Sounding Board has implemented an enterprise Secure Software Development Life Cycle (SDLC) to help ensure the continued security of Sounding Board applications.
This program includes an in-depth security risk assessment and review of Sounding Board features. In addition, static source code analyses are performed to help integrate enterprise security into the development lifecycle. The development process is further enhanced by developer application security training and penetration testing of the application.
Vulnerability Assessments
Sounding Board contracts with third-party expert firms to conduct independent internal and external network, system, and application vulnerability assessments.
Application Security
We contract with a leading third-party security firm to perform an application-level security vulnerability assessment of our web application annually in conjunction with our SOC 2 Type II audit. The firm conducts testing procedures to identify standard and advanced web application security vulnerabilities, including, but not limited to, the following:
- Security weaknesses associated with Flash, Flex, AJAX, and ActionScript
- Cross-site request forgery (CSRF)
- Improper input handling (such as cross-site scripting, SQL injection, XML injection, and cross-site flashing)
- XML and SOAP attacks
- Weak session management
- Data validation flaws and data model constraint inconsistencies
- Insufficient authentication or authorization
- HTTP response splitting
- Misuse of SSL/TLS
- Use of unsafe HTTP methods
- Misuse of cryptography
Privacy
Sounding Board is deeply committed to protecting the privacy of our customers’ data and helping our customers meet their privacy obligations. With Sounding Board, you gain leading privacy functionality and practices that support those obligations.
Additionally, we are transparent about our privacy practices. We also provide our customers with the necessary resources and information to help them understand and validate their organization’s privacy and compliance requirements.
Privacy Principles
As data protection issues and global laws evolve and become increasingly complex, Sounding Board understands the importance of maintaining a comprehensive privacy program embedded in our company’s culture and services.
We’re committed to following three principles that reflect our core values:
- We put privacy first.
- We innovate responsibly.
- We safeguard fairness and trust.
Our philosophy of “privacy by design” is a testament to this and provides our customers with the assurance they need for the privacy and protection of their data. These privacy principles drive how we train our employees, design and build products, and, ultimately, how we process personal data.
Privacy and data protection require year-round vigilance, and we’re strongly committed to protecting the personal data of our customers and employees.
Global Data Privacy
Privacy continues to be front and center on the global stage with the advent of the General Data Protection Regulation, the continued momentum for U.S. privacy legislation, and new laws throughout Asia and Latin America. At Sounding Board, we welcome this renewed attention, as privacy protections have been a fundamental component of our services. We also understand that privacy is a shared responsibility between our customers and us.
Sounding Board and our customers must be prepared to comply with complex global privacy laws and regulations. Sounding Board stays ahead of international privacy regulations by maintaining a global data protection program that contains comprehensive technical, administrative, and organizational safeguards. Our customers can rest assured that we are committed to global privacy standards, as shown by our implementation of Binding Corporate Rules for Processors (BCRs) and by being the first company to certify the Asia-Pacific Economic Cooperation Privacy Rules for Processors.
EU Data Privacy
The General Data Protection Regulation (GDPR) is the global benchmark for privacy laws. It sets out individual privacy and access rights and establishes the mechanisms for holding businesses accountable for data use. We base our privacy compliance regime on the GDPR because we are a global-facing company and because the standards it sets protect individuals while simultaneously allowing us to deliver the best results for our customers.
Complying with GDPR means that we:
- Respect data subject rights to access, rectification, portability, and deletion
- Secure information with an eye toward the state of the art in technology
- Make transparency, accountability, and trust a central component of our operations
- Practice privacy by design and data minimization
If you want to know more about how we treat data under GDPR, please see our privacy policy, available at https://www.soundingboardinc.com/privacy-policy/.
Cross-Border Data Transfers
Complying with GDPR means ensuring that data is transferred out of the EU in accordance with established principles and procedural/technical safeguards. We rely on the Standard Contractual Clauses (SCCs) to transfer data from the EU and, in rare instances, on direct consent from data subjects. All data that leaves the EU is subject to heightened scrutiny and protection, and our obligations are rigorously enforced as set out in the SCCs.
Compliance
Today’s technology leaders are charged with securing and protecting the customer, employee, and intellectual property data of their companies in an environment of increasingly complex security threats. Companies are also responsible for complying with all applicable laws, including those related to data privacy and transmission of personal data, even when a service provider holds and processes a company’s data on its behalf.
Sounding Board maintains a formal and comprehensive security program designed to ensure the security and integrity of customer data, protect against security threats or data breaches, and prevent unauthorized access to our customers’ data. The specifics of our security program are detailed in our third-party security audits and international certifications.
SOC 2
Sounding Board holds both SOC 2 Type I and Type II certifications. The reports are an independent assessment of our control environment performed by a third party and are available on request.