Our security program evaluates, monitors and improves the security posture of our underlying systems on a regular basis. The program is comprised of technology (software) and as well as policies (legal agreements) and procedures.
Our technology (application, services, data) is hosted in the cloud on logically isolated servers behind a comprehensive firewall with monitoring and alarms on each system. Access to our systems is limited by a centralized access-control list with multi-factor authentication required for all users.
Our server side architecture is designed for scale and redundancy with daily backups, load balancing, and cross-region replication. Through auto-scaling functionality, we’re able to add additional servers on-demand to ensure the highest levels uptime, response time and performance.
We conduct system and application logging of all interactions, including access to APIs, giving us the ability to quickly investigate issues and identify concerns.
We have a comprehensive network monitoring program in place with alarms to notify key personel in the event of an outage, attack or breach.
All data is encrypted at rest (AES-256) and in transit (TLS 1.2). Vulnerability testing by a trusted third party occurs at regular intervals. In the event that a weakness is found, our Remediation Procedure requires immediate triage and fix within 48hrs.
All employees are educated on company policies and procedures in the event of a natural disaster, system outage or network breach.