Welcome to Data Intensity's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.
If there are any questions you have that are not covered below, please reach out to us below.
Documents
Trust Center Updates
Data Intensity has been made aware of and has identified multiple customers impacted by a recent update to the CrowdStrike Falcon sensor which can cause Windows systems to crash. This issue has impacted Windows systems that utilize CrowdStrike on a global scale. Windows servers are getting stuck in a reboot loop after being updated, preventing resolution via automatic update from CrowdStrike or by support engineers. The current identified fix for this issue is to manually boot to Windows Safe Mode and remove a file from the filesystem.
Data Intensity is proactively reaching out to customers that are confirmed or potentially impacted.
If you are serviced by Data Intensity and require assistance in relation to this issue or any other critical issue, please create a critical ticket via the Data Intensity ServiceNow Portal, contact the Data Intensity support team at the number found on the website https://www.dataintensity.com/about-us/contact/, or contact your Data Intensity Customer Success manager.
Additional Information can be found below:
https://www.windowslatest.com/2024/07/19/windows-10-crashes-with-bsod-stuck-at-recovery-due-to-crowdstrike-update/
https://supportportal.crowdstrike.com/s/login/?ec=302&startURL=%2Fs%2Farticle%2FTech-Alert-Windows-crashes-related-to-Falcon-Sensor-2024-07-19 (requires CrowdStrike access)
ServiceNow published a Critical CVE on July 10, 2024. CVE-2024-4879, ranked 9.3 via CVSSv4, is a critical input validation vulnerability that could permit unauthenticated remote code execution. Data Intensity has reviewed the details and confirmed that currently the Data Intensity ServiceNow instance is on Washington DC Patch 1 Hot Fix 3b, which contains the fix for this particular vulnerability.
Details on the vulnerability can be found here: KB1644293
If you have any questions, please reach out to security@dataintensity.com.
The United States CISA has recently added a 2017 WebLogic vulnerability to its "Known Exploited" vulnerability list. This list mandates that all US government agencies and/or contractors that have systems susceptible to this vulnerability remediate it within 30 days of the vulnerability being added to the list.
While organizations who are susceptible to this vulnerability are likely aware of its criticality and existence and are either unable to or have chosen not to update their systems, this change in status is significant and may have further impact to organizations.
You can find the CISA announcement here: https://www.cisa.gov/news-events/alerts/2024/06/03/cisa-adds-one-known-exploited-vulnerability-catalog
Oracle has released the Critical Patch Advisory for April 2024. It is suggested that users of these products review the vulnerabilities, prioritizing the application of updates to critical, publicly exposed systems without extensive mitigating controls and those with a higher risk factor. Data Intensity support staff is in the process of reviewing the impact of these vulnerabilities to supported customers and will be communicating to customers to setup patch windows based on the customers agreed upon patching cadence. Additional guidance and analysis will be posted here as made available.
Oracle Critical Patch Update Advisory - April 2024
Oracle April 2024 CPU Blog Post
Data Intensity has identified a typo within its 2023 Q3 Enterprise SOC1 Report covering from April 1, 2023 through September 30, 2023. The report previously distributed has the incorrect period dates within the report. If you have previously received a copy of the incorrect report, we request that you delete all copies of the incorrect report and request a copy of the new version.
Transition from SOC1 Type 2 to SOC2 Type 2
Please note that Data Intensity has not posted this report on this portal as we are transitioning away from providing SOC1 reports for all customers and instead rely on our SOC2, however it has been provided to some clients to support the transition.
If you are in need of an updated report or have questions on the transition from the SOC1 to the SOC2, please reach out to zzcompliance@dataintensity.com or your Customer Success Manager.
If you need help using this Trust Center, please contact us.
If you think you may have discovered a vulnerability, please send us a note.