(805) 973-7450
Contact Us

Architecture and Security Overview

InvolveSoft is a cloud-based platform that manages and promotes corporate volunteering. This includes administrative functions, employee communication, connecting employees with nonprofit volunteering opportunities and rich performance analytics. The result is a reduction in overhead and an increase in community giving. InvolveSoft manages the booking process for volunteering events including sourcing, registration and invitations, as well as post-event tracking and reporting, including hours contributed, pictures uploaded, and employee ratings and comments.

Your trust is our most important asset and we take numerous steps to maintain it. All customer information stored by InvolveSoft is protected by rigorous infrastructure and
administrative procedures. We maintain a highly secure environment that meets the physical and data protection requirements demanded by today’s businesses. The
application is hosted at Amazon Web Services (AWS).


User Authentication

InvolveSoft offers two options. The most common is Single Sign-On (SSO) integration
using the Security Assertion Markup Language (SAML 2.0) via a third-party identity
provider, such as Okta, Ping or OneLogin, or with a corporate authentication system
(e.g. LDAP/Active Directory).

For customers who do not utilize SSO integration, each employee will use their
company email address and establish their own password via a form-based
authentication. Users are required to change their passwords after the first login, and
password credentials must meet the minimum length, complexity (alphanumeric, case,
special characters) and change frequency requirements.

Physical Security
InvolveSoft uses data centers that are secure, guarded, and monitored 24/7 with video surveillance and intrusion detection systems. Authorized staff must utilize multi-factor authentication to access any data center. All physical access to data centers by AWS employees is logged and audited.
AWS has been certified by third-party organizations and complies with numerous laws
and compliance regulations including ISO, SOC, and GDPR. A list of certifications and
compliance statements can be found here.
All content is stored on Amazon’s Simple Storage Service (S3) and is encrypted at rest. All traffic between the application and the client is encrypted in transmission using HTTPS with industry-standard transport layer security (TLS) technology.
Systems are backed up regularly with backups stored off-site. If any data is lost or becomes temporarily unavailable, it can be restored from the latest backup. Backups are stored on the Amazon S3 service with high availability and reliability, persisting the data across multiple availability zones.
Policies and Procedures
InvolveSoft policies, procedures, and training address data privacy, security, and regulations including employee background checks, handling of confidential information and data retention. We require all our third-party technology partners to meet the same level of data privacy and security requirements.
Risk Management and Mitigation
InvolveSoft monitors for potential incidents related to security and/or privacy. Incidents are reported through a tracking system and trigger internal alerts, data collection, isolation, correction, and prevention measures. We will notify a customer’s security team about any confirmed incident within 24 hours.
Vulnerability and Penetration Testing
InvolveSoft follows secure coding practices consistent with the Open Web Application Security Project (OWASP) and utilizes peer review throughout the development process. The next scheduled test will be performed by an independent (third-party) security firm.
Business Continuity and Disaster Recovery
InvolveSoft technology resources are designed to withstand disruptions in normal operations. All internal systems are cloud-based, enabling execution from multiple locations in the event of a disaster. All customer-provided services are managed in multiple zones, eliminating single points of failure. InvolveSoft development teams are geographically dispersed and can back each other up as needed.
Contact Us