You can read our security overview and know that we are GDPR compliant, but some of you will have specific security questions you would like answered.
So we have compiled a list of short answers to help you complete those internal security questionnaires.
It’s a big resounding yes to all the following questions:
- Is data encrypted in transit over HTTPS?
- Is data encrypted at rest?
- Is data hosted in the USA?
- Are passwords hashed and salted?
- Do you conduct regular vulnerability scans?
- Have you had an external penetration test?
- Do you have remote backups?
- Are backups encrypted?
- Do you have a Web Application Firewall?
- Do you have protection from DDoS attacks?
- Is Database access firewalled and user restricted?
- Do staff have to sign confidentiality agreements?
- Do you do regular software updates?
- Are the storage drives on staff laptops encrypted?
- Do you host in the cloud, with DigitalOcean/AWS?
- Do you provide an up-to-date list of third-party processors?
- Do you offer 2FA?
And an equally firm no, absolutely not, to these questions:
- Do you store debit/credit card details?
- Do you store data outside the USA?
- Do contractors have access to client data?
- Do you outsource software development?
- Can we use Single Sign On?
- Do you sell data?