Self-Service Due Diligence
As a risk management organization, we recognize and promote the significance of managing risk, especially when establishing new vendor relationships. For our customers, we expect you to apply the same mindset to evaluating us as your provider. This page serves as a comprehensive guide to facilitate your due diligence with LogicManager. Below is an overview of the reports available and commonly addressed inquiries.
For LogicManager customers, a complete list and detailed information are available in LogicManager University. We aim to empower you with the necessary insights to make informed decisions and build a strong partnership. If you have further queries, feel free to explore LMU or reach out to our support team.
Common Reports We Can Provide on Request:
- Business Documents: Providing essential background information.
- Rapid Ratings Report: Offers insights into financial stability and security.
- SIG LITE: An established due diligence framework used by organizations to gather key points of due diligence information on each other. We have completed the SIG LITE questionnaire, which can give you the full spectrum of information you need to know.
- W9: Ensuring compliance with tax regulations.
- SOC 2: We adhere to SOC 2 standards, and the report is accessible.
- IT Security Report (Includes Pen Test): Demonstrating our commitment to robust cybersecurity.
- MA Tax Certificate of Good Standing: Verifying our standing with tax authorities.
- Certificate of Insurance: Providing assurance of coverage.
- Insurance - D&O ELP & Fiduciary Liability Proof of Coverage: Detailed coverage information.
- Insurance - Professional Liability, Network Security and Privacy, Cyber, Business Interruptions: Comprehensive coverage details.
- BC-DR Test Results: Demonstrating the outcomes of business continuity tests.
- Tri-Party NDA for Oracle: Facilitating secure collaborations.
- Oracle SOC 2: Ensuring compliance and transparency in our Oracle-related operations.
Most Frequent Due Diligence Requests on LMU
LogicManager is the industry leader in SaaS-based Enterprise Risk Management (ERM) software that empowers organizations to anticipate what’s ahead, uphold their reputations, and improve business performance through risk-based governance, risk management, and compliance (GRC). Our innovative solution packages are designed to fit the exact needs of our customers while being scalable, repeatable, and configurable. Through our Gartner and G2 recognized software, we empower organizations to build a better tomorrow.
LogicManager was founded in 2005 as an enterprise risk management organization. In 2008, the RIMS Risk Management Society, a longstanding partner of LogicManager, published the results of our work, proving a direct correlation between better business performance and a higher degree of adherence to the Risk Maturity Model. Today, LogicManager provides powerful risk management software with comprehensive solutions that supply organizations with focused and improved risk management processes. Our software allows you to centralize your risk management program into an all-in-one hub while streamlining your processes with a range of automated tools that allow for better risk identification, monitoring, and reporting. We were inherently built as centralized software, rather than by acquiring pieces that may not speak to each other as well, so information flows seamlessly between each area. Additionally, we pair customers with our team of expert thought leaders and risk management consultants to get your business to go exactly where you want it to go. With a range of personalized training sessions and best practice consulting services, our team can make your hard work easier and deliver results to both protect and optimize your business, all while not charging professional service fees. Our strategic vision is delivering no-code enterprise solutions, integrating machine learning, and becoming a centralized hub for all technologies in a company’s ecosystem.
6 Liberty Square #2316, Boston, MA 02109
We are a private company.
Incorporated in 2005 in the US state of Delaware.
Steven Minsky, Founder and CEO
We are a private company so we do not provide audited financial statements. However, we can provide a third-party Rapid Ratings Report which provides objective information on the financial health of our company. We are an organically grown and cash flow-positive organization that is in great financial health. We are happy to provide other documentation and arrange conversations with our CFO as needed.
SOC 2 is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. The standard is based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. LogicManager completes the SOC 2 audit each year. This report should answer many due diligence-related questions.
(Note: LogicManager requires an NDA in order to share the SOC 2 report with prospective customers.)
The SIG LITE questionnaire is designed to provide a broad, but high-level understanding of a third party’s internal information security controls. The SIG LITE is for organizations that need a basic level of assessment due diligence. It can also be used as a preliminary assessment before a more detailed review.
All data is encrypted via TLS 1.2 in transit, and via Oracle TDE at rest.
Yes, LogicManager is cloud native and uses Oracle Cloud as our data center partner.
Our main domestic data center is in Ashburn, VA. Our domestic backup location is in Phoenix, AZ. No domestic data leaves the U.S.
We have international data centers located in Frankfurt, Germany to serve EMEA customers, and in Sydney, Australia for Oceania customers.
Customer data is backed up daily, weekly, and monthly to lengthen the time window for issues to be discovered. All backups are done without impacting customer access. The full LogicManager operating environment is backed up to accelerate disaster recovery. Disaster recovery reconstitution must be performed at a minimum annually to ensure that backups of all elements needed for a catastrophic recovery are validated as viable, with a maximum recovery time of 72 hours.
Data residing on corporate systems must be continually evaluated and classified into the following categories:
- Personal: includes user's personal data, emails, documents, etc. This policy excludes personal information, so no further guidelines apply.
- Public: includes already-released marketing material, commonly known information, etc. There are no requirements for public information.
- Operational: includes data for basic business operations, communications with customers, vendors, employees, etc. (non-confidential). The majority of data will fall into this category.
- Critical: any information deemed critical to business operations (often this data is operational or confidential as well). It is extremely important to identify critical data for security and backup purposes.
- Confidential: any information deemed proprietary to the business. See the Confidential Data Policy for more detailed information about how to handle confidential data.
The customer determines what data LogicManager has access to.
We can provide customers with Oracle's SOC 2 once a tri-party NDA has been signed by Oracle, LogicManager, and the requesting customer.
No, LogicManager does not share client data with third parties.
No, we do not have a data storage limit.
We have not experienced a data breach since 2005. Many of our direct competitors have experienced breaches in the past 2-3 years.
- Agile approach to software development
- All connections to LogicManager’s platform are established through the TLS 1.2 protocol and support 256-bit encryption strength
- Customer data is segmented into their own schemas
- LogicManager's database is encrypted
- Annual external pen testing
- Scanning of production code
- Vulnerability scanning on external-facing and selected internal-facing IPs
- Well-thought-out incident response policy
- DR/BCP
- Change Management policy
- Annual Security Awareness training
- Data Centers: LogicManager is a SaaS-based solution that is hosted in Oracle Cloud in either the USA, EU, Middle East, or APAC.
- SOC 2 Certification
LogicManager has about 100 employees globally.
LogicManager is consistently recognized as a Great Place to Work. This link provides more insight into LogicManager's company culture and vision. In addition, LogicManager's DEI vision is to foster a welcoming environment for all employees, regardless of race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), national origin, age (40 or older), disability or genetic information, or any other protected status as defined by federal, state, and county laws. We are committed to the principles of equal opportunity and comply with all laws, regulations, and policies relating to equal opportunity, affirmative action, and non-discrimination in all our personnel actions. Such actions include hiring, layoffs, benefits, transfers, terminations, recruiting, compensation, corrective action, recalls, and promotions. LogicManager employees confidentially complete a biannual survey on the status of our company culture. Our employees then provide their thoughts on how we are meeting particular DEI goals and also encourage feedback on how we can continue to improve moving forward. The results of this survey drive the DEI strategies of our Culture Committee, which are available to all employees within LogicManager's internal instance.
Yes, all new hires sign a Confidentiality, Non-Solicitation, and Proprietary Rights Agreement.
Yes, details on the audit of our HR policies are included in our SOC 2.
LogicManager uses agile development and releases every 4 weeks to be responsive to customer and market trends. While we provide roadmaps to customers quarterly, we can only provide thematic releases in the range of 3-6 months. Beyond 6 months, LogicManager can share its product vision. Our releases will naturally evolve to align current trends and market needs with our product vision.
Notification of Release Maintenance will be sent to customers as soon as the time frame for the update is known. The email will be sent to the list of personnel maintained for each customer.
Need More Information?
If you are an existing customer, please visit the Self-Service Due Diligence center on LogicManager University for a full list of reports and frequently requested data. Should you have additional queries, you can reach out to our support team via the form on this page.