PeopleFluent, as part of its comprehensive security policy, uses a third-party vendor to complete penetration (PEN) tests of our products on an annual basis. A summary of these reports is available on request from your Customer Success Manager.
While we appreciate that you may wish to complete your own PEN test, some of these crafted attempts may cause disruption that impacts the performance of your production systems. As validated by our annual SOC2 reports, we regularly undergo PEN testing using a third party, and perform frequent vulnerability scans that allow us to continually (and safely) validate all our production and non-production SaaS systems. The combination of these activities and the use of code security tools in our development process presents a more robust assessment than specific PEN test activities, and remains up to date with newly identified vulnerabilities. The PeopleFluent team reviews all findings and schedules their remediation (as documented in our vulnerability policies) based on their severity and applicability to the product and its infrastructure.
We appreciate that some of our customers may wish to undergo PEN testing in addition to the testing we complete. If our SOC and PEN testing documentation is insufficient for your company's security review, with prior coordination and approval we can support a PEN test against your Test environments, which are representative of all production installations. Please work with us to schedule testing outside of normal working hours (ideally after 5pm PST Mon-Fri, or on a weekend). During the test window, we require a primary contact and a way of reaching the testing engineers in the event we need to pause testing.
Please visit our Trust Center to obtain information for your Security needs: https://ltgplc.com/trust-center/