We understand you are entrusting us with very important and often sensitive information and we take that very seriously. So we use enterprise level security to protect your data and meet your compliance requirements.
Here is a summary of some of the precautions we take and policies we have surrounding security and data.
You can also download a .pdf copy here to share with your colleagues.
If you require more information, we’d be happy to share it with you. Please just email firstname.lastname@example.org and we’ll send it right through.
We use encryption in transit and at rest for all our services. All of our infrastructure is built as code, ensuring extremely few people have access to your data. We require multi-factor authentication for any access to our environments. We also have security logging in place with advanced security monitoring, so our teams are immediately alerted to anything out of the ordinary and can investigate quickly. Physical access to our data centres is strictly controlled with comprehensive security measures by our data centre hosting partners. See the AWS shared responsibility model: https://aws.amazon.com/compliance/shared-responsibility-model/
We conceive products with security in mind, from the back of the napkin to the code running live. We provide security training to our staff, mandate code reviews before promoting any code, track all changes, use tools to analyse the code and tell us if the libraries we use have known vulnerabilities, patch early and often, and ensure we have several layers of security, for peace of mind. And we get external pentesters to verify we have done a good job too.
Security operations and best practices
We know that many breaches are caused by operational mistakes, and we strive to prevent these as much as possible through good processes and practices. We approach security holistically, with ISO/IEC 27001 guiding our policies and standards, alongside country regulations such as privacy or financial regulations. We follow these high standards in our operational practices so we can satisfy all legal requirements, and we use external auditors to keep us honest.
Our products are designed for high performance and availability, and built on best-in-class core technologies, such as AWS, so your organisation can scale confidently and securely.
Our cloud infrastructure takes advantage of elastic scale, multi-level redundancy, and failover options across data centres to reduce latency, maintain reliability, and scale with your organisation's needs.
Availability and continuity
High availability is built into the core of our products so we can leverage all the benefits of the cloud to ensure your service stays online, no matter what. Our services are available in several data centres to ensure we won’t let you down. In addition to technical controls, we also back this with robust Disaster Recovery and Business Continuity programs.
We continuously look for ways to improve product and platform performance by monitoring key performance metrics, such as load times, search responsiveness, and attachments.
We are committed to protecting the privacy of your data and your customers' data by ensuring we follow all the legal requirements of the countries you operate in, enabling you to choose where your primary data is located, and protecting it with industry best practices.
4. Compliance and third parties
We ensure the third parties we use adhere to the same high standards we impose on ourselves so we can be confident that your company and customer data remain secure and compliant. Our compliance program is here to help meet your organisation’s compliance needs. We undergo regular independent third-party audits and are in the process of getting our ISO/IEC 27001 certification.