Frequently asked RFP questions

This is a repository of frequently asked questions that are particularly useful when responding to Requests for Proposals (RFPs). These questions are designed to provide clear and concise answers to common inquiries about our products, services, and company operations. By addressing these FAQs, we can ensure consistent and accurate responses that showcase our expertise and align with the specific requirements of the RFP process.

Frequently asked questions

Does InEvent process protected health information (PHI) or any data covered by the Health Insurance Portability and Accountability Act (HIPAA)?

Yes. InEvent is certified and compliant with Health Insurance Portability and Accountability Act of 1996 (HIPAA). InEvent safeguards individual protected health information (PHI) in compliance with HIPAA by treating all PHI as confidential and private. You may request a copy of this certificate and our Business Associate Agreement (BAA) through your customer success manager. Visit here for more information.

Does InEvent have a well-documented Business Continuity Plan (BCP) that is tested annually

Yes. InEvent, Inc. has developed a Business Continuity Plan (BCP) on how we will respond to events that significantly disrupt our business. Since the timing and impact of disasters and disruptions is unpredictable, we will have to be flexible in responding to actual events as they occur. Please refer here to read our Business Continuity Plan.

Does InEvent have a well-documented Disaster Recovery Plan (DRP) that is tested annually?

Yes. Our Recovery Time Objective (RTO) is 4 hours and our Recovery Point Objectives (RPO) is 24 hours, as detailed on our Business Continuity Plan.

Is InEvent designed to process or store credit card information?

No. InEvent does not collect or store payment or card data in hosting environment. However, we have an existing partnership with Stripe for clients that required payment through Stripe's platform. Stripe is a PCIDSS certified third party that handles card payment.

Does InEvent provide professional services related to this product?

InEvent provides support to all our clients and develops special features to the event management platform as requested by the client.

Describe InEvent's business background and ownership structure, including all parent and subsidiary relationships.

• Business background: InEvent has been in the market for over 10 years, delivering high-quality services for virtual, hybrid and live events. Established in 2013, InEvent has developed the most respected products, support and community for the A/V and event industry globally and beyond. Our experienced software is where audiovisual and event professionals host their hybrid and virtual events, offering 24/7 support, branded scalable platform, transparent pricing and feature-rich customizable tools.We are a white-label cloud-based software with easy and comprehensive navigation. Among our offerings, we have a complete set of features for registration, attendance management, ticket sales, badge printing for fast accreditation, and NFC integrations for on-site activations. Some exclusive features such as automatic audio transcripts, audio interpretation and sign language channels, and tab key navigation to support accessibility in events. And also, numerous engagement features such as polling, gamification, file sharing, feedback, QR codes, maps, and questions.We have in our portfolio clients such as Coca-Cola, Amazon, Santander, Bosch, Bayer, KPMG, Honda, DuPont, Eli Lilly, Carrefour, Stefanini and others. InEvent investors include Y Combinator, the leading early stage business accelerator, Storm Ventures, the leading early-stage enterprise investment fund and also prestigious VC firms such as Rebel Fund, Magma Partners and others. We built partnerships with tech giants like Twitter, Marketo, Microsoft, Oracle, SAP, Salesforce and others to offer a better experience for your day to day management. InEvent's powerful ecosystem connects with platforms that you already use, trust and endorse, providing security and connectivity. Please find more information here.
• Ownership structure: Pedro Goes is the CEO of InEvent, a Y Combinator venture backed company. Pedro has over 12 years of software, marketing and event management experience. He is a Y Combinator Alumni, a 40 under 40 founder by Association Magazine, a UK Event Tech Award Winner and a Gold Crocodile Award Winner. Vinni Neris - Entrepreneur and CRO at InEvent, he has led the business development process to implement a software intelligence for managing corporate training, travel and events, for companies such as Santander Bank, Amazon, Coca-Cola, Gladly and others. Mauricio Giordano - Entrepreneur and CTO at InEvent.
• InEvent founders have been selected by Y Combinator and also Tampa Bay Diversity program due to our commitment to diversity at the InEvent company and worldwide diversity. Minority owned business; and supplier diverse company, with a latino and women background leadership.

Does InEvent have a dedicated Information Security team or office?.

Yes. Secure access to your data is provided through a series of security policies implemented and enforced by InEvent's top team of experts, including countermeasures such as:-

• Data hosted in top-tier, world-class data center.
• Limited IP ranges to user level access.
• Physical token access to authenticate operations.
• Employee access to limited amount of accounts.
• Fire detection and suppression systems.
• Fault tolerant, redundant servers.
• Isolated end secure client environment.
• Data encrypted and transmitted via Secure Socket Layers (SSL) technology.
• Role-based Access Control (RBAC) options for provisioning access.
• SaaS (Software as a service) support and deployment.
• Logging and auditing available for read and write operations.
• Failed login attempts and malicious input monitoring.
• Secure notifications monitoring to administrators.
• Unique account/username/password access control.
• One-way encryption for all passwords.
• Account lockout and password expiration
• Your software can be customized to your organization's profile to limit access to external threats, accelerate deployment speed and increase brand awareness.
• Mobile device management (MDM) support for secure corporate app deployment.
• Proprietary Google Play or Apple Store accounts for deploys and updates.
• Available CNAMEs for event URL hosts and event directory pages.
• Email DNS can be used to send emails as aliases from your company's domain.
• Single sign-on (SSO) support, including SAML 2.0 and LDAP databases for secure authentication between domains.

Has InEvent undergone an SSAE 18/SOC 2 audit?

Yes. InEvent is certified and compliant with AICPA Service Organization Control Reports. InEvent protects its customer data following the compliance standards provided by AICPA and other governing bodies of data privacy both in the US and Europe. InEvent Certified Public Accountant is A-LIGN.You may request a copy of this certificate through your selected account manager or customer success manager. Detailed policies can be found below in our Data Management and Privacy sections. Refer to the website for more information.

Can InEvent's systems that hold data comply with NIST SP 800-171 and/or CMMC Level 2 standards?

Yes. InEvent utilizes AWS as its hosting provider and AWS is compliant with NIST SP 800-171, hence, all AWS customers can use AWS services to prepare for and maintain compliance with the standard. Please visit link here for more details.

Does InEvent have a documented change management process?

Yes. InEvent has documented and implemented a change management policy that details how changes are initiated, tested, approved and deployed into our production environment. Typically, changes are initiated based on business demands, this could be due to customer's demands, business innovation assessments, product roadmap, amongst others. Afterwards, the changes are developed, tested, approved by the CTO and deployed into the production environment. In all these process, InEvent has ensured that separate environments are maintained for all our critical systems and developers are not able to push their own codes to production environment in line with our change management policy.

Has a VPAT (Voluntary Product Accessibility Template) or ACR (Accessibility Conformance Report) been created or updated for InEvent's product and version under consideration within the past year?

Yes. InEvent follows the Web Content Accessibility Guidelines (WCAG), which makes web content more accessible to people with disabilities. InEvent has currently implemented WCAG Level AA on its products. You can find more information about InEvent compliance through our Voluntary Product Accessibility Template (VPAT), available through your account manager or customer success manager. You can also access our country accessible compliance page here.

Does InEvent perform security assessments of third-party companies with which it shares data (e.g., hosting providers, cloud services, PaaS, IaaS, SaaS)?

InEvent has implemented third party risk management practices which has also been assessed by an independent party to ensure that all third party vendors are thoroughly verified.

Can you provide a brief description of why each of these third parties has access to InEvent’s data (e.g., hosting providers, cloud services, PaaS, IaaS, SaaS)?

InEvent utilizes the following third parties to provide its event management solution:

• AWS: For database services.
• Fastly & Akamai : For content delivery.
• Agora & Tokbox: For WebRTC video streaming and storage.
• API Video, MUX & IVS: For RTMP Video streaming and storage.
• Postmark : For Email processing as part of a global email delivery network (15-day storage retention).
• Neverbounce Inc: For AI data verification on email sanity checkup.
• Google Cloud: For WebSocket, voice to text transcription and live text translations.
• Twillio : For SMS delivery.

What legal agreements (e.g., contracts) does InEvent have in place with third parties that address liability in the event of a data breach?

InEvent has several agreements in place such as Service level agreement, Data processing agreement, amongst others. These agreements ensure that the expectations of InEvent in terms of security controls and strong IT environment is established. The data processing agreement also includes data privacy clauses that ensures that the third party abides by the data protection principles of the standards that we follow.

Does InEvent have an implemented third-party management strategy?

Yes, InEvent has implemented a third party management strategy that allows InEvent to manage third party risks. Typically, InEvent commences any engagement with third parties with vendor assessment and selection. After continuous engagement with the vendor, this continues with engagement monitoring to review control risks at the vendor's side.

Does InEvent support single sign-on (SSO) protocols for user and administrator authentication?

Yes. Using SAML 2.0, organizations can integrate InEvent solution with their current enterprise federation. Login can be the same used on your central repository, which can be any SAML 2.0 protocol solution, including Microsoft AD or Amazon IAM. Authentication occurs using encrypted connections and are limited to your organization specific endpoint. Click here for more information.

Does InEvent support local authentication protocols for user and administrator authentication?

Yes. There is an hybrid option on the platform which can be disabled if not needed. Hence, authentication can be done via direct access or single sign-on (SSO)

Does InEvent allow enforcement of password/passphrase aging requirements?

Yes. Aging requirements are implemented by setting specific password/passphrase on the backend of the application to enhance quality, meet regulatory standards or meet your specific password policy.

Does InEvent enforce password complexity or length requirements?

No. Password complexity requirements are implemented by setting specific password/passphrase on the backend of the application to to enhance quality, meet regulatory standards or meet your specific password policy.

Does InEvent have documented password/passphrase reset procedures that are implemented in the system and/or provided through customer support?

Yes. For reset of password/passphrases on the application, after the reset password/passphrase is submitted following some validation requirements, a magic link is sent to the registered email of the user to access the application. Please refer to this article for more information.

Does InEvent's application support integration with other authentication and authorization systems?

Yes, InEvent supports integration with external authentication and authorization systems, including Single Sign-On (SSO) using protocols such as SAML, OAuth, and OpenID Connect. This allows users to log in using their existing credentials from identity providers like Okta, Microsoft Entra ID, and Google Workspace. You can learn more about our SSO integrations here.

Does InEvent support any of the following web SSO standards: SAML2 (with redirect flow), OIDC, CAS, or other?

Yes. InEvent supports Using SAML 2.0. Organizations can integrate InEvent's solution with their current enterprise federation. Login can be the same used on your central repository, which can be any SAML 2.0 protocol solution, including Microsoft AD or Amazon IAM. Authentication occurs using encrypted connections and are limited to your organization specific endpoint.

If InEvent does not support SSO, does the platform's application and/or user portal support multi-factor authentication (MFA), such as Duo, Google Authenticator, or OTP?

InEvent supports SSO and we offer 2 factor authentication by verification code via mobile or email. This option will be available to your administrators, based on your setup choice, every time its is required to login at the platform. Additional operations, such as generating sensitive reports, will also require a secondary validation. Options include email and SMS based codes. Please refer here for mote information.

Does InEvent automatically lock a session or log out an account after a period of inactivity?

Maximum session time-out of 10-15minutes is implemented on the system.

Can you describe or provide a reference to your system's capability to log security/authorization changes as well as user and administrator security events, such as login failures, access denied, and changes accepted? Additionally, could you outline the requirements necessary to implement logging and monitoring on your system? Please include information regarding the usage of SIEM/log collectors.

The InEvent system keeps an audit log trail of events on the system on the application level and the operating system level including login, logout, actions performed, and source IP address events amongst others. In addition, these audit logs are monitored by InEvent to ensure that all activities on the system are legitimate activities. Alerts have also been configured to ensure that all suspicious activities are notified to the security administrators immediately for investigation. Please refer to our article for more information.

Can you describe or provide a reference to the retention period for security and access logs? How are these logs protected, and are they accessible to customers? If so, please explain how customers can access them.

The retention period of the logs is in line with our privacy policy. All logs relating to the client's event and information are deleted after the business relationship ends. The logs are protected through strong user access control mechanisms that are in place and the logs are only accessible to authorized personnel at InEvent who activities are logged and monitored. Some of the logs are available to administrators of the client profiled on the platform as a customized report which cannot be deleted by the client administrators, while others can be shared with the client on demand.

Does InEvent's Business Continuity Plan (BCP) include a defined problem or issue escalation plan for impacted clients?

InEvent has implemented a BCP that also details our problem/issue escalation plan. The problem escalation process for impacted clients follows a structured approach to ensure rapid response and resolution. If an issue arises, it’s immediately logged and assessed by the support team to determine severity. High-impact incidents trigger automatic escalation to senior technical staff and, if needed, to executive leadership, who oversee communication and resource allocation. Clients are updated regularly through dedicated communication channels until resolution. If further escalation is necessary, we coordinate with external partners or vendors, ensuring continuity of service and minimal disruption for our clients.

Does InEvent review all components of its Business Continuity Plan (BCP) at least annually and update them as needed to reflect changes?

Yes, this is done through our Business Impact Analysis (BIA). After this is completed, critical assets are identified and reclassified.

Does InEvent's Change Management process include, at a minimum, authorization, impact analysis, testing, and validation before implementing changes in production?

Yes. InEvent has documented and implemented a change management policy that details how changes are initiated, tested, approved and deployed into our production environment. Typically, changes are initiated based on business demands, this could be due to customer's demands, business innovation assessments, product roadmap, amongst others. Afterwards, the changes are developed, tested, approved by the CTO and deployed into the production environment. In all these process, InEvent has ensured that separate environments are maintained for all our critical systems and developers are not able to push their own codes to production environment in line with our change management policy.

Does InEvent have a documented policy and procedure, currently implemented, that outlines how security risks are mitigated until patches can be applied?

InEvent has no tolerance for security vulnerabilities. Hence, our Product team, Development team and Security team work together to quickly resolve all vulnerabilities in due time.

Are upgrades or system changes installed during off-peak hours or in a manner that does not impact the customer?

The upgrades and system changes are typically done during non-business hours.

Do procedures exist to provide that emergency changes are documented and authorized (including after-the-fact approval)?

Yes. Emergency changes are tested before they are deployed and are approved by management. Since we run an agile environment, this poses no risk to us in terms of change management.

Do you have an implemented system configuration management process? (e.g., secure "gold" images, etc.)

Yes. InEvent's systems management and configuration strategy focuses on configuration management, updating configuration, and continuous monitoring to ensure security, compliance, and operational efficiency.

Is sensitive data encrypted, using secure protocols/algorithms, in transport? (e.g., system-to-client)

Yes. InEvent utilizes strong encryption algorithms and protocols including TLS 1.2 and above to prevent man in the middle attacks. Strong ciphers and hashing algorithms are also in place.

Will the institution's data be available within the system for a period of time at the completion of this contract?

No, we have no regulatory requirements that mandates us to store data after the business relationship ends, as such, all data belonging to the institution is deleted after the business relationship ends.

Do current backups include all operating system software, utilities, security software, application software, and data files necessary for recovery?

InEvent’s backup procedures encompass all essential components required for full system recovery. This includes operating system software, utilities, security software, application software, and data files. By maintaining comprehensive backups, InEvent ensures that, in the event of a disruption, all critical systems and data can be restored to maintain business continuity. Please refer to our article for more information.

Does InEvent perform off-site backups? (i.e., digitally moved off site)

Yes, InEvent performs off-site backups by digitally transferring data to secure, geographically dispersed locations. This strategy protects against data loss due to localized incidents and aligns with best practices for disaster recovery. Please refer to our article for more information.

Are physical backups taken off site? (i.e., physically moved off site)

InEvent’s backup strategy primarily focuses on digital off-site backups. While the company emphasizes digital methods for data redundancy and recovery, it does not explicitly mention the use of physical backups that are physically transported off-site. Please refer to our article for more information.

Does your staff (or third party) have access to institutional data (e.g., financial, PHI or other sensitive information) through any means?

At InEvent, a very tight environment is maintained by ensuring that only very few administrators have access to the production environment. All other support staff only interact with clients to provide event support and resolve issues on the platform.

Describe or provide a reference to your Disaster Recovery Plan (DRP).

InEvent, Inc. ('InEvent') has developed a Business Continuity Plan ('BCP') on how we will respond to events that significantly disrupt our business. Since the timing and impact of disasters and disruptions is unpredictable, we will have to be flexible in responding to actual events as they occur. With that in mind, we are providing you with this information on our BCP.

• InEvent Policy: InEvent's policy is to respond to a Significant Business Disruption (SBD) by safeguarding employees' lives and InEvent property, making a financial and operational assessment, quickly recovering and resuming operations, protecting all of InEvent's books and records, and allowing our client's to use their systems. In the event that we determine we are unable to continue our business, we will assure client's prompt access to their data and logs.
• Significant Business Disruptions (SBDs): Our plan anticipates two kinds of SBDs, internal and external. Internal SBDs affect only InEvent's ability to communicate and do business, such as a fire in our building. External SBDs prevent the operation of events, such as a terrorist attack, a city flood, or a wide-scale regional disruption. Our response to an external SBD relies more heavily on other organizations.
• Plan Location and Access: InEvent maintains copies of its BCP plan and the annual reviews, and the changes that may be made to it for inspection. InEvent operates from 2711 Centerville Road, Ste 400, Wilmington, DE 19808.
• Alternative Physical Location(s) of Employees: In the event of an SBD, we will move our staff from affected office(s) to the closest unaffected temporary office location(s).
• Operational Risk: In the event of an SBD, we will immediately identify what means will permit us to communicate with our clients, employees, critical business constituents, critical banks, critical counter-parties and regulators.
• Financial and Credit Risk: In the event of an SBD, InEvent will determine the value and liquidity of InEvent's investments and other assets to evaluate InEvent's ability to continue to fund its operations and remain in compliance with net capital and/or net worth requirements.
• Business Constituents: InEvent will contact its critical business constituents (businesses with which we have an ongoing commercial relationship in support of our operating activities, such as vendors providing InEvent with critical services), and determined the extent to which we can continue our business relationship with them in light of an internal or external SMBD.
• Disclosure of Business Continuity Plan: InEvent discloses its BCP to clients upon establishing a new account and annually. InEvent will also mail the BCP summary to its clients upon request.
• Updates and Annual Review: InEvent will periodically, but not less frequently than annually, update this plan whenever there is a material change to our operations, structure, business location or subsidiaries.

Please refer to this page for more information.

Is there a documented communication plan in your DRP for impacted clients?

Yes. The InEvent DR plan covers a strategy on communication to impacted clients and this is tested regularly and can be executed when the need arises.

Do you have an information security awareness program?

Yes, all new employees at InEvent are required to complete mandatory security awareness training upon joining the organization. This training includes assessments to ensure they fully understand key security concepts.

To keep staff informed about the latest security threats and best practices, we provide weekly refreshers, on-demand sessions, security tips, and regular quizzes.

Additionally, security measures are in place during the offboarding process. Exit interviews are conducted, and we ensure that terminated or resigned employees lose access to critical information and are deactivated promptly.

Does InEvent have a formal incident response plan?

Yes. InEvent has implemented an incident response process which involves detecting, containing, eradicating, and recovering from security breaches. Post-incident reviews analyze the event to improve future response and security measures.

Does InEvent carry cyber-risk insurance to protect against unforeseen service outages, data that is lost or stolen, and security incidents?

Yes. InEvent has cyber insurance policies that covers several exposures such as data breaches, network disruptions, and ransomware attacks. It may include costs for data recovery, legal fees, notification and credit monitoring services, and business interruption losses.

Are your systems and applications regularly scanned externally for vulnerabilities?

Yes. InEvent conducts external vulnerability assessment and penetration testing regularly. This is done with the support of our third party assessor who performs the scan and attempts penetration testing. Afterwards, all vulnerabilities identified are quickly remediated and the environment is security hardened as applicable.

Does InEvent support data encryption at rest using the AES-256 algorithm or higher through the implementation of cryptographic routines within the application?

Yes. InEvent utilizes strong encryption algorithms and protocols including AES-256 and above to prevent decryption attacks and unauthorized access. Strong ciphers and hashing algorithms are also in place.

Does InEvent support dual control implementation for encryption keys, and are these keys protected through encryption using a cryptographic algorithm equal to or stronger than the key used for data encryption?

Yes. Encryption key utilized by InEvent supports dual control implementation and is stronger than the key used for data encryption in line with InEvent's cryptography policy.

What is used for encrypted data at rest (i.e AES 256) and during transmission (TLS1.2 or above)? 

• TLS 1.2+ is used for all TCP communication which ensure that data transmitted over the network is encrypted and protected from interception.
• AES-256 encryption for data at rest secures stored data, preventing unauthorized access.
• Encryption of backups and hard drives at rest adds an additional layer of security, ensuring that even if physical storage is accessed, the data remains protected.

Does InEvent ensure channel encryption via TLS 1.2 (AES-256) for both data transmission and system console access?

Yes. InEvent utilizes strong encryption algorithms and protocols including TLS 1.2 and above to prevent man in the middle attacks. Strong ciphers and hashing algorithms are also in place

How does the DNS server operate in your system?

Our servers use an entry DNS server to direct incoming requests to a Load Balancer. The Load Balancer then identifies the server with the lowest CPU usage and highest availability to handle the request efficiently.

Does InEvent manage cryptographic keys through cryptographic hardware such as KMS or HSM that complies with FIPS 140-2 standards?

Yes. This is in place in line with InEvent's cryptographic policy.

Does InEvent support masking or obfuscation of sensitive data within the platform?

Yes. All data on InEvent database are fully masked and are not in clear text to prevent unauthorized disclosure to sensitive data

Does InEvent provide physical and/or logical segregation of database data to ensure isolation from other clients?

Yes. InEvent logically separates all client data on its database to prevent data breach as part of our compliance to our access control policy.

Does InEvent support integration for real-time audit trail monitoring by sending events using standard market protocols such as Syslog, CEF, or Event Viewer?

Yes. This is in place. In addition to the series of logs available, InEvent supports integrations with SOC platforms such as QRadar, McAfee SIEM, Splunk and event management tools such as syslog, CEF, Event Viewer etc. This enables our clients to monitor critical data flowing on the system on a real time basis.

Does InEvent provide configuration parameters to set session timeout durations?

Yes. InEvent supports the implementation of strong authentication controls and recommend a minimum of 10-15 minutes session timeout on the system.

Does InEvent provide traceability (audit) for administrator console user access to the solution?

Yes. All administrative activities are logged on the management console of InEvent platform and accessible by only authorized individuals.

Does InEvent provide traceability (audit) for specific information queries made by administrator console users?

Yes, same as above, all administrative activities are logged on the management console of InEvent platform and accessible by only authorized individuals.

Does InEvent's audit trail include details such as user, origin, timestamp, process, data, and module?

Yes, InEvent audit trails include this information. The Audit reports provides a timeline of data changes made in your events. It includes details like the date of the change, the name of the person who made the modification, the category of the change, and the specific target.

Does InEvent allow restricting solution access by origin, permitting only authorized database addresses?

Yes. This is in place on the firewall, IPS/IDS level and through IP lockdown. Depending on the integration required for this implementation, specific database addresses are whitelisted to the solution.

Does InEvent support two-factor authentication?

Yes. InEvent supports 2 factor authentication by verification code via mobile or email. This option will be available to your administrators, based on your setup choice, every time its is required to login at the platform. Additional operations, such as generating sensitive reports, will also require a secondary validation. Options include email and SMS based codes. Refer here.

Does InEvent support integration with Azure Active Directory (AD) for authentication and authorization?

Yes. InEvent solution supports integrations with several IAM solutions including Azure AD for authentication and authorization. Refer here.

Does InEvent enable profile implementation for support areas while restricting access to data?

Yes, InEvent offers this feature. We allow profile customization to control access to specific areas of the platform, both at the company and event levels, while ensuring that access to sensitive data is restricted. You can find more details here and here.

Does InEvent ensure user access occurs through encrypted channels?

Yes. This is in place on the InEvent solution as user access can only be done through encrypted protocols. Authentication occurs using encrypted connections and are limited to your organization specific endpoint.

Does InEvent map access privileges through Active Directory group associations and populate them automatically?

Yes. InEvent solution supports integrations with several IAM solutions including Active Directory and access privileges can be abstracted through the AD groups. Refer here.

Does InEvent support integration of Single Sign-On?

Yes. InEvent support SSO. Using SAML 2.0, organizations can integrate InEvent solution with their current enterprise federation. Login can be the same used on your central repository, which can be any SAML 2.0 protocol solution, including Microsoft AD or Amazon. Please refer to our SSO Integration to learn more. You can also visit this YouTube link for more information.

Does InEvent ensure that application accounts have minimal privileges and do not operate with system administrative privileges?

Yes. Through implementation of role based access controls on the system, the InEvent system has been designed such that application accounts have minimal privileges that are not as powerful as admin accounts. You can click here to see the Permission profiles available at InEvent.

Are the DNS server(s) shared with other customers?

Yes, the processing servers and DNS servers are multi tenant per region basis. We have DNS servers for the US and EU regions.

What thresholds\capacity\load is factored into the InEvent DNS servers before and additional DNS server needs to be added to scale?

Every hour we check for the amount of attendees expected within the next two hours. We also take into account invitations and events that might have walk ins. We scale on a factor of 250 users (every 250 users the auto scaling deploy a new instance).

Do the DNS Servers automatically scale at a set threshold or is it a Manual Process to add another DNS Server?

It’s automatic and not a manual process.

What is the InEvent SLA for adding an additional DNS server?

It can take up to 5 minutes to add an additional DNS server.

How is High Availability and Disaster Recovery achieved for the InEvent Service?

Our algorithm that checks expected load for a period of time handles the High Availability.

What Monitoring is in place to understand Load & Health and report Realtime on issues for the InEvent service?

We use Datadog Alerts and AWS CloudWatch to monitor Load, Health and Threats (like DDoS attacks).

Does the solution have a proprietary system and load balancing? If so, does it include monitoring tools and logs? Specify.

InEvent has its own backend system tailored to event management, providing a robust platform for handling user data, event configurations, and interactions. This system is designed for flexibility, high availability, and scalability. We use Datadog Alerts and AWS Cloudwatch to monitor Load, Health and Threats (like DDoS attacks)

Is there customer access to an Event Monitoring Dashboard before and during the event?

Our Trust page details the health of our servers in real time, but incidents may take some time to show up.

Can you provide a list of incidents over the last 6 months that have caused outages to the service\customer events and how they were resolved?

Yes, on the Trust page, you can filter reports on this for up to two years.

Is there a way to simulate the Event with the same number of users before it goes ahead?

Our platform can host events that have over 20,000 users without issues. The IT team also ensures to scale the servers days leading to the events to ensure everything is in place.

How will the initial data load to the provider be executed?

• Data Preparation: The customer can provide the necessary data in the required format to ensure compatibility with the platform - our system allows importation to the platform using Excel spreadsheets.
• API Upload: For larger datasets or continuous imports, the platform supports RESTful API endpoints to allow direct data uploads in real-time. Please refer to our API guide
• Onboarding: We have a team that provides support during the initial data load to ensure accuracy, troubleshoot issues, and verify the completeness of the data migration.
• We coordinate closely with the customer to minimize downtime and ensure a smooth transition.

What are the limits and/or SLAs for solution performance? Consider metrics such as max TPS (transactions per second), max simultaneous users, average and maximum response time, etc.

The platform is designed to handle high performance and scalability. Key metrics include:

• Simultaneous Users: The platform can accommodate up to 20,000 concurrent users without performance degradation.
• Response Time: Platform response time ranges from 232ms to 238ms, API response time 231-232ms.
• Uptime Guarantee (SLA): The platform guarantees 100% uptime backed by proactive monitoring and load balancing. Information can be found.

• The platform employs a scaling factor of  250 users per new instance, which can interpreted as a benchmark for handling up to 250 transactions per second.

How will transactional data be sent to the provider (InEvent)?

Transactional data, including registration details, ticket purchases, payments, emails, and session interactions, is sent to InEvent via secure APIs or uploaded manually. Data is processed in real time and made available for reporting and analysis.

• Tickets and Payments: Transactional data for ticket purchases and payments includes attendee details, payment amounts, timestamps, and receipt confirmations. These are logged and can be tracked via dashboards or exported for external analysis. Refer to the article here.
• Emails: Transactional email data includes delivery of registration confirmations, payment receipts, session reminders, and other event specific notifications. These emails are tracked with timestamps, recipient details, and delivery status. Refer to the article here

What are the administration interfaces (Web, API, CLI, etc.)?

• Web Interface: The primary platform is a user-friendly, browser-based interface that allows administrators to manage events, configure settings, and access various features. This interface is designed for intuitive navigation and comprehensive control.
• API: InEvent offers a robust REST API that enables developers to integrate the platform with other systems. The API supports custom workflows, automation, and data synchronization between InEvent and external tools.
• Mobile Admin App: A mobile application is available for on-the-go administration, offering key functionalities for event management and monitoring.

What types of integration are available for applications (e.g., REST API, SOAP, etc.)?

InEvent provides the following types of integrations for applications:

• REST API: InEvent offers a robust REST API that allows seamless integration with third-party systems. The API supports JSON-formatted requests and responses, making it developer-friendly and ideal for automating workflows, synchronizing data, and extending platform capabilities.
• Webhooks: InEvent supports webhooks, enabling real-time event notifications. This allows applications to receive updates from the platform whenever specific actions occur (e.g., registration completion, session attendance).
• Zapier Integration: InEvent integrates with Zapier, allowing users to connect with thousands of apps without coding. This makes it easy to automate tasks and workflows across platforms.
• SSO (Single Sign-On):The platform supports SSO integration using industry-standard protocols like SAML and OAuth, ensuring secure and seamless authentication.

What types of connections/interfaces are used internally within the solution and between the solution and the bank’s systems for data exchange?

Internally, InEvent utilizes secure, high-performance connections to exchange data between different components of the platform, such as the web interface, backend services, databases, and APIs. These connections ensure that data flows efficiently within the system, supporting real-time updates, event management, and user interactions.

External Connections/Interfaces for Data Exchange with Bank’s Systems: For data exchange with external systems, including banks, InEvent supports various secure interfaces depending on the integration requirements. These may include:

• API (REST or SOAP): InEvent's REST API enables seamless integration with external systems, including banks, allowing for secure data exchanges like payments, transactions, or user information sharing.
• Webhooks: Webhooks are used for real-time event notifications between InEvent and external systems, enabling prompt communication when certain actions occur (e.g., payment processing, user verification).
• SSL/TLS Encryption: All external communications with the bank’s systems are secured with SSL/TLS encryption, ensuring the confidentiality and integrity of the exchanged data.

Is there any native monitoring within the tool? Specify.

For Native monitoring, we have features on the platform that offer this especially the Analytics section of our platforms that can be considered monitoring features such as:

• Live Analytics: Track various types of event related information and controls in real-time. This feature provides essential data to support decision-making and process improvement. Additionally, it enables the analysis of ROI, post-event information, and more!
• Audit reports available at Company and Event level that gives automatic data timeline on actions being carried out on the platform.  It includes details like the date of the change, the name of the person who made the modification, the category of the change, and the specific target.
• Virtual Lobby reports: this gives real time data on the performance and engagement of users in the Virtual Lobby. 

Is it possible to monitor the execution of schedules within the platform?

The platform offers various features related to Schedules:

• Scheduled meetings : This allows for the creation and monitoring of meetings from the platform. Admins can use Reports feature to download information about these meetings, as explained here. From the Virtual Lobby Analytics page, it is also possible to see the Live performance of these meetings as explained here.
• Activities: Admins can create and also monitor activities happening within the event. Our Analytical features such as Live Analytics, Virtual Lobby Analytics, Checklog reports help in monitoring and tracking execution of agendas and participation of attendees within the event.

Is the software's CPU consumption being monitored?

Yes, the software's CPU consumption is actively monitored on the server side to ensure consistent performance and reliability. Our technical team uses advanced monitoring tools to track CPU usage in real-time, allowing us to detect and address any potential issues, such as high server load or unusual activity.

Is the software's memory consumption being monitored?

Yes, the software's memory consumption is monitored on the server side to ensure optimal performance and stability. Our technical team uses monitoring tools to track resource usage, including memory, CPU, and other system metrics, in real-time. This allows us to identify and address potential issues proactively, ensuring the platform operates efficiently even under heavy usage. You can find real time system performance here.

In which country does InEvent store collected data?

Data is stored in the USA.

Where are the data servers of InEvent?

The servers are located in Virginia, USA.

What Integrations are available on the platform?

InEvent offers a good number of integrations within the platform. Please refer to our Integrations article to learn more on all possible integrations with InEvent.

Describe typical user scenarios and tasks, including individuals with disabilities, to ensure fair and accurate accessibility testing of the ICT product or service being offered

User Scenarios

• Task: Setting up an event via the self-service CMS.
  • Creating event pages, adding session abstracts, and categorizing content.
  • Testing: Ensure compatibility with screen readers and voice-to-text tools for organizers with visual or motor impairments.
• Task: Managing attendee registration and quotas.
  • Monitoring registrations, configuring quotas for addressable populations.
  • Testing: Confirm keyboard-only navigation and color contrast for visual clarity.

Customer attendee

• Task: Registering for an event and managing their profile.
  • Selecting preferences, reviewing accessibility accommodations, and paying registration fees.
  • Testing: Verify screen-reader compatibility, support for magnification tools, and accessible payment workflows.
• Task: Networking and engaging during the event.
  • Sending contact requests, identifying nearby attendees for networking.
  • Testing: Confirm that features are accessible via assistive technologies like screen readers or alternative input devices.

Customer Speaker/Presenter

• Task: Hosting a session with live streaming and augmented reality (AR) features.
  • Sharing slides, managing audience questions, and using AR tools.
  • Testing: Ensure closed captions and alternative text for AR visuals are functional and accurate.
• Task: Reviewing post-event signals for session optimization.
  • Accessing reports and insights to refine future presentations.
  • Testing: Validate accessibility of analytics dashboards.

In-person support

• Task: Monitoring and managing adverse event reports.
  • Flagging issues reported by attendees and initiating corrective actions.
  • Testing: Verify the accessibility of reporting workflows for users with disabilities.
• Task: Selling tickets at the box office.
  • Handling cash and credit card transactions, printing tickets.
  • Testing: Assess whether the system supports accessible interfaces for staff with visual or motor impairments.

Testing Tasks: Verify all workflows (e.g., registration) under typical and edge-case scenarios, such as:

• Low internet connectivity.
• Use of assistive technologies.

Conduct usability testing with individuals with various disabilities, including:

• Visual impairments (e.g., blindness, low vision).
• Hearing impairments (e.g., ensuring accurate captions).

Use automated tools (e.g., WCAG compliance checkers) and manual testing to identify and fix accessibility gaps

InEvent Accessibility Products/Services

• Screen-reader Compatibility: Interface elements (buttons, menus, forms) must be navigable and labeled for screen readers.
• Keyboard Navigation: All functions should be operable via keyboard alone without relying on a mouse.
• Text Alternatives: Images, videos, and AR elements must include alternative text or captions.
• Color Contrast and Font Size: High-contrast modes and adjustable font sizes for users with low vision.
• Customizable Settings: Allow users to personalize accessibility options, such as closed captions or high-contrast views.
• Inclusive Networking Tools: Ensure features like Nearby attendees and Contact requests are usable by individuals with disabilities.
• Offline Availability: Provide accessible offline versions of event content for post-event review.