SECURITY

Information Security on Archipelago

What is Archipelago?

Archipelago is a SaaS platform featuring a suite of applications designed for ingesting, improving, and centralizing property documents and data for use by commercial property brokers, owners, and insurance underwriters.

Property risk data often exists in ad hoc spreadsheets and email attachments shared freely and insecurely between parties for purposes of commercial insurance. Archipelago provides a secure alternative to these common practices and we go to great lengths to the ensure the confidentiality, integrity, and access of your data.

map-2

Authentication and Access Controls

Archipelago provides customers direct capabilities to manage access between users and organizations.

Authentication

Our authentication is built using Auth0, which  prevents bad actors from gaining access and monitors access to detect anomalies.
Authentication

Corporate Email

Users must have access to the corporate email address they used during sign-up in order to access one-time passcodes (OTP). 
Corporate Email

Domain Security

Access to the platform is protected by domain security that blocks all email domains that do not appear on an approved domain list.
Domain Security

Access Controls

Administrators can easily assign roles & permissions and approve, deny, or revoke access to their data on Archipelago at any time.
Access Controls

Data Storage and Transmission

We work to maintain a high level of data security for both the storage and transmission of our customers’ data. 

Data at Rest: We use AWS as the hosting provider of the Archipelago platform and use server-side encryption on our S3 instances (SSE-KMS, AES-256) with annual key rotation.

Data in Transit:  All network traffic between AWS data centers is transparently encrypted at the physical layer. All traffic within a Virtual Private Cloud (VPC) and between peered VPCs across regions is transparently encrypted at the network layer. At the application layer, Archipelago utilizes Transport Layer Security (TLS 1.2) to create a secure HTTPS connection.

Security Image 1
Security Image 2

API Security

For those interested in integration, our APIs are developed in the GraphQL programming language and allow our customers to:

  • Retrieve property risk data on demand
  • Integrate data into your systems
  • Use your property data in custom applications
Archipelago provides credentials to customers to authenticate to the Archipelago API. 

AI

At Archipelago, we utilize AI to assist in onboarding customer's data from SOVs and documents. Any 3rd party vendors used, are vetted through our Vendor Management process and processing is performed in the United States.

Archipelago has implemented "human in the loop" review for all AI outputs to ensure we keep data quality at the highest level we can. Customers and Brokers are in full control of when data is shared to the markets and can perform a secondary review on the changes using various reports.

Security Image 3

Other Security Programs and Practices

21972-312_SOC_NonCPA

Certifications

Archipelago has acquired its SOC 2 Type 2 attestation across the platform in 2023.

VulnerabilityTesting

Vulnerability Testing

We conduct vulnerability scanning constantly and apply fixes both within our standardly bi-weekly release cycle as well as ad hoc releases for emergency fixes.

PenetrationTesting

Penetration Testing

We regularly perform penetration testing to determine if our platform is susceptible to attacks, most notably DDOS, injection, and CSS attacks.