Socio is now Webex Events.
Explore the most popular Webex Events offerings.
Webex Events comes standard with all the features you need.
View All Features
Simplify on-site event management with on-demand event check-in, streamlined badge printing, and more!
Does your event platform give you peace of mind and flexibility? Use a single, hybrid-ready platform for all your events.
Webex Events gives you the tools you need to craft a successful event based on your event type.
See how other organizations like yours leverage Webex Events to power event success.
Scale your global events program with a secure, integrated solution for virtual, in-person, and hybrid events.
Explore resources to help you become a master event professional and a Webex Events expert.
Discover why event professionals around the world trust Webex Events to power their virtual, in-person, and hybrid events.
View All Customer Stories
Download Webex Events Hybrid Event Guide
Last Revised: March 18, 2022
Trust. It is the foundation of our security objectives at Webex Events. Our clients trust that we will protect their information with the same level of care and concern that they do. Our clients also trust that our applications will be available when they need them. We only achieve that trust through transparency. We are proud to tell our security and privacy story, so if you have questions, please let us know at [email protected].
The heart of Webex Events is its platform, where event planners configure and operate their events. The Webex Events platform, along with its other web applications are Software-as-a-Service (SaaS) offerings hosted from hybrid Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS). Webex Events operates from a private tenant in the AWS public cloud. Webex Events offerings are provided from a multitenant, multi-tier architecture. Client data separation is maintained at the application layer through rigorous access controls.
We believe that unless the data is being used, it needs to be encrypted. That is why we encrypt data-in-transit on both the internal and external networks using HTTPS (TLS 1.2+). All data-at-rest is encrypted using AES-256 with keys managed from our AWS key management service (KMS). Those keys are generated in the KMS, rotated within the KMS, and destroyed in the KMS. After all, the security provided through encryption is only as good as the security of the keys.
We are all for support from the Internet community, but not when it comes to administering our systems. Webex Events has adopted a walled-city security model that layers perimeter security controls. Everything from AWS security groups and cloud-native analogs, to traditional firewalls, are deployed and managed at the network perimeter and around internal system resources. All application traffic must also traverse our web application firewall, configured to prevent attacks targeting web applications. High walls are great, but they are not perfect, so we also have intrusion monitoring and alerting utilities to let the Webex security team know if a barbarian has made it past the gate.
Our incident management program is comprised of policies and procedures informed by the NIST 800-61 guidelines. While our goal is to never need it (other than for annual program testing, of course), the program entails notifying impacted clients without undue delay when a security incident affects their data or use of applications. In most cases, notification would occur via email. For prolonged outages or incidents, a web conference bridge will be availed. Clients can always monitor the status of our applications at https://status.socio.events.
Your event needs to be secure – that is table stakes – but it also needs to be available. In this age of virtual and hybrid events, even a short disruption can ruin the event. In addition to
standard system security logs, we maintain extensive telemetry logs. At Webex Events, the availability security pillar is treated with the same criticality as the confidentiality pillar.
For some clients, prior and on-going events tell the history of their community. For other clients, the value of the event contents begins to decay at the conclusion of the event. Accordingly, event planners can delete event data in order to support their own retention requirements. By default, Webex Events retains event data for a maximum of five years. While we hate to see any client leave, we understand that all good things must eventually end. Upon contract termination, if a client requests, event data can be extracted and provided – of course, the event planner can also download anything that they want to keep. Within six months of the contract termination, all client data will be deleted, preserving block-level encryption to make sure that the data is permanently unavailable. We can then provide a certificate of destruction, if requested.
Our employees only access client data when necessary for support. We limit access to only those personnel with a business justification to see client data. Once an access request has been approved, specialized security training is required before access is provisioned. Then multi-factor authentication is required and their activities are monitored.
Webex Events is only as trustworthy as its personnel. Cisco conducts background checks on all employees prior to employment. Upon hire, and annually thereafter, employees must complete Code of Business Conduct, Security Awareness, and Privacy training. Upon hire and annually thereafter, all employees must also acknowledge security and confidentiality policies.
Training requirements are expanded for employees in development roles, who also must annually complete specialized security training. The application security development program is interwoven with the system development lifecycle. Static code analysis, peer review, and security testing are all part of the CI / CD pipeline.
Secure today may not be secure tomorrow. We are constantly re-evaluating our security posture. Network and web application vulnerability scans are performed weekly. Cisco performs multiple network, web application, and mobile application penetration tests on Webex Events each year. An independent third-party is also engaged at least annually to also perform these tests, as well.
Webex Events has integrated several best-of-breed partners to deliver our feature-rich solutions. Client trust must extend to those providers as well, so Webex Events maintains a robust vendor risk management program. We rely on the same tools that our clients do to monitor us – ISO certifications, SOC 2 Type II reports, questionnaires, and more to make sure that treatment of client assets are managed with at least as much rigor as Webex Events.
Like all modern software providers, we also integrate open-source and third-party libraries, modules, and utilities within our offerings. To monitor the assurance of these aspects, several tools are integrated within our development environment to monitor for vulnerabilities, changes in versioning, and changes in licensing.
Like the global policy landscape, the Webex Events privacy program is constantly evolving. A good place to start to learn about our privacy program is the Privacy Data Sheet. You can find it here:
Our Data Privacy Agreement and its companion Security Appendix cover all of the GDPR basics:
Webex Events shares its assurance collateral documentation on the Cisco Trust Portal:
https://trustportal.cisco.com/c/r/ctp/home.html There you can find all of our available security, data privacy, and compliance documents.