What is the Security and Trust Self-Certified Badge on an app in Procore's App Marketplace?
Answer
The Security & Trust - Partner Self-Certified badge indicates that a Partner has completed Procore’s Partner Self-Certified security review process. Partners have supplied answers to a set of standard questions, self-certifying their adherence to certain specific security requirements.
The list of standard questions and each Partner’s answers can be found on the Partner’s Marketplace listing by clicking the badge and downloading the PDF. The Partner is solely responsible for the accuracy of the information they have provided through Procore’s review.
Note
Procore’s Security review process does not constitute a detailed application-level security validation. This is a review of the partner’s company-level security practices.
Shared Responsibility
Assessing application and vendor security is a shared responsibility. This badge is not intended to replace any vendor vetting led by a Procore customer. This is meant to provide Procore customers with supplemental information in addition to a customer’s own security evaluations. Customers should continue to do their own assessment before leveraging any technology or contracting with a specific vendor.
Shared Responsibility Statement
Assessing integration security is a shared responsibility between Partners, Procore, and our Customers. This responsibility is shared as follows:
Procore Technology Partners
- Procore’s Technology Partners design and develop integrations according to Procore’s Technology Partner Agreement, API Terms of Use, and Developer Documentation, their own legal obligations, and industry best practices for reliable and secure integrations. To be listed on the Procore Marketplace, Procore requires that partners provide the necessary support and information to help Procore customers make informed technology decisions.
Procore
- Procore provides our Technology Partners with detailed documentation, developer tools/functionality, and specific requirements to help build trustworthy integrations. Procore is also committed to providing the information necessary to help customers source and vet applications that will meet their business needs.
- In the event that partners aren't meeting minimum partnership requirements, Procore may take action, including, but not limited to, refusing to list or removing partner integrations from our Marketplace and/or Technology Partner Program until requirements are met.
Procore Customers
- Procore customers should leverage all of the information made available by Procore and our Technology Partners to vet applications based on their own security criteria. Application installation may require a new relationship with a Technology Partner that is distinct from the relationship with Procore. Customers should always conduct their own assessment before leveraging any technology or contracting with a specific vendor.
To learn more about an app before installing, we recommend customers:
Review the Partner-provided Security & Trust answers.
This includes information about:
- Organizational and technical security measures in place to protect personal data.
- The organization’s security policies and any earned certifications.
- Data storage, including countries where data is stored and any sub processors/vendors used to process or store Procore customer data.
- Application security features.
Visit the partner’s website.
Some partners have their own Trust & Security centers on their website, which can provide detailed information about the company and specific integrated product.
Connect with the partner directly.
Partner contact information is provided on the Application listing and some partners may have dedicated security contact channels listed on their website.
Conduct a thorough vendor assessment
Prior to purchasing any new technology, customers should conduct a thorough vendor assessment to ensure the partner meets both business needs and the organization’s security requirements.