When companies offer cloud solutions, business owners understandably want to know where their confidential data is stored and what measures are in place to keep it private. As a supplier of cloud-based audit compliance solutions we get these questions all the time, so I thought I'd share how we protect our clients' data.
To give you some background, Compliance Experts was perhaps the first company in the world to release an online auditing application built on Microsoft's .NET Framework, in February 2003. We now have a decade of experience with that technology as it has matured. We have installations all over the world and offer both public and private cloud implementations. Our commitment to security gives our customers confidence that we are doing everything possible to keep their confidential data private.
Here are some of the ways we protect our system and our clients’ data.
We limit the personal data we store
- We do not store users' credit card details. Card details are requested at the time of payment (for example to purchase or renew a subscription), but they are not stored or retained in any way.
- We do store user names and email addresses, and there is provision in the system to store site and vendor contact information. This is limited to name, email, phone and address details.
- All user passwords are stored as one-way hashes, never in a recoverable form, so the plaintext password cannot be read back out of our database.
We implement a range of measures to prevent malicious access to our data and application code
- Passwords are stored and verified using a one-way hash rather than reversible encryption: at login the submitted password is hashed and compared with the stored hash, so the plaintext is never kept.
- Compliance Checkpoint is served entirely over HTTPS with 128-bit SSL/TLS encryption, protecting data in transit between the browser and the server.
- Our mobile apps also use SSL/TLS for their connections to the service.
We provide a wide range of configurable security features allowing users to raise the security bar as high as they feel is needed
- Configurable password policies, covering:
  - Expiry period
  - Minimum and maximum length
  - Mandatory inclusion of special characters
  - Mandatory inclusion of numeric characters
  - Mandatory inclusion of upper case characters
  - Mandatory inclusion of lower case characters
  - Maximum login attempts leading to lockout
  - Number of previous passwords to be tracked for repeats
- Additional security configuration:
  - Passwords may be reset by Administrators
  - Administrators can force a password change at next login
  - Administrators can authorise password non-expiry
  - IP address range restriction. Access to the system can be limited by the IP address of the connecting computer: a user whose address does not match a listed address, or fall within a listed range, is refused access to Compliance Checkpoint. This lets corporations ensure the software is used only from their corporate networks.
  - Active Directory and LDAP integration for advanced users
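To make the password-handling measures above concrete, here is an added example (written for this article, not Compliance Checkpoint's own code) showing how one-way hashed storage and verification fit together with a configurable policy: length and character-class rules, lockout after too many failed logins, expiry, an administrator-forced change, and a history of previous passwords that cannot be reused. The page only says that passwords are one-way hashed; the choice of PBKDF2-HMAC-SHA256 with a random per-user salt, the iteration count, and the `PasswordPolicy` and `UserAccount` field names are all assumptions made for the example.

```python
import hashlib
import hmac
import os
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed policy object; the field names are illustrative, not the product's.
@dataclass
class PasswordPolicy:
    min_length: int = 10
    max_length: int = 64
    require_special: bool = True
    require_digit: bool = True
    require_upper: bool = True
    require_lower: bool = True
    expiry_days: int = 90
    max_failed_logins: int = 5
    history_size: int = 5          # previous passwords tracked for repeats

PBKDF2_ITERATIONS = 100_000       # assumption: tune so one hash costs ~100 ms on the server

def hash_password(password: str) -> str:
    """One-way, salted, deliberately slow hash; returns 'salt$digest' as hex."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt.hex() + "$" + digest.hex()

def verify_password(password: str, stored: str) -> bool:
    """Re-hash the candidate under the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def check_complexity(password: str, policy: PasswordPolicy) -> list:
    """Return the policy rules the password breaks (an empty list means it passes)."""
    problems = []
    if len(password) < policy.min_length:
        problems.append("too short")
    if len(password) > policy.max_length:
        problems.append("too long")
    rules = [
        (policy.require_special, r"[^A-Za-z0-9]", "no special character"),
        (policy.require_digit, r"[0-9]", "no numeric character"),
        (policy.require_upper, r"[A-Z]", "no upper case character"),
        (policy.require_lower, r"[a-z]", "no lower case character"),
    ]
    for required, pattern, message in rules:
        if required and not re.search(pattern, password):
            problems.append(message)
    return problems

@dataclass
class UserAccount:
    username: str
    password_hash: str
    password_set_at: datetime
    previous_hashes: list = field(default_factory=list)
    failed_logins: int = 0
    locked: bool = False
    must_change: bool = False      # administrator forces a change at next login
    never_expires: bool = False    # administrator authorises non-expiry

def set_password(user: UserAccount, new_password: str, policy: PasswordPolicy, now: datetime) -> list:
    """Used for both user-initiated changes and administrator resets."""
    problems = check_complexity(new_password, policy)
    if problems:
        return problems
    # History check: every old entry carries its own salt, so the candidate is
    # re-hashed per entry; there is no single digest to compare against.
    for old in [user.password_hash] + user.previous_hashes:
        if verify_password(new_password, old):
            return ["password was used recently"]
    user.previous_hashes.insert(0, user.password_hash)
    del user.previous_hashes[policy.history_size:]   # keep only the tracked history
    user.password_hash = hash_password(new_password)
    user.password_set_at = now
    user.must_change = False
    return []

def login(user: UserAccount, password: str, policy: PasswordPolicy, now: datetime) -> str:
    """Return 'ok', 'bad_password', 'locked', 'expired' or 'must_change'."""
    if user.locked:
        return "locked"
    if not verify_password(password, user.password_hash):
        user.failed_logins += 1
        if user.failed_logins >= policy.max_failed_logins:
            user.locked = True
            return "locked"
        return "bad_password"
    user.failed_logins = 0
    if not user.never_expires and now - user.password_set_at > timedelta(days=policy.expiry_days):
        return "expired"
    if user.must_change:
        return "must_change"
    return "ok"
```

Two points worth noticing: a locked account refuses even the correct password until an administrator clears the lock, and the reuse check works on salted hashes, so tracking previous passwords does not require keeping anything reversible.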
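The IP address range restriction described above is simple to state but has one practical trap a practitioner would want covered: when the application sits behind a load balancer or reverse proxy, the address the server sees is the proxy's, and the real client address arrives in an `X-Forwarded-For` header that any client can forge. The following is an added example (not Compliance Checkpoint's code) of an allowlist matcher that accepts single addresses and CIDR ranges, denies anything it cannot parse, and trusts the forwarded header only when the connection actually comes from one of our own proxies. The allowlist entries and the `10.0.0.0/8` proxy range are constructed for the example.

```python
import ipaddress

# Constructed allowlist for the example: single addresses and CIDR ranges,
# IPv4 and IPv6, all taken from documentation ranges rather than real networks.
ALLOWED_ENTRIES = ["203.0.113.10", "198.51.100.0/24", "2001:db8::/32"]
# Assumed: the reverse proxies / load balancers in front of the application.
TRUSTED_PROXY_ENTRIES = ["10.0.0.0/8"]

def parse_allowlist(entries):
    """Turn 'a.b.c.d' and 'a.b.c.d/nn' strings into network objects; a bare
    address becomes a /32 (or /128). Malformed entries raise at configuration
    time instead of silently granting or denying access later."""
    return [ipaddress.ip_network(entry.strip(), strict=False) for entry in entries]

def is_allowed(client_ip, networks):
    """True only when the address parses and falls inside at least one network."""
    try:
        addr = ipaddress.ip_address(client_ip.strip())
    except (ValueError, AttributeError):
        return False            # unparsable input is denied, never allowed by accident
    return any(addr in net for net in networks)

def client_address(peer_ip, x_forwarded_for, trusted_proxies):
    """Decide which address to check. The TCP peer address is authoritative
    unless the peer is one of our own proxies; only then is X-Forwarded-For
    consulted, walked from the right with our proxies skipped, so a client
    cannot choose its own address by sending a forged header."""
    if not x_forwarded_for or not is_allowed(peer_ip, trusted_proxies):
        return peer_ip
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    for hop in reversed(hops):
        if not is_allowed(hop, trusted_proxies):
            return hop          # first hop from the right that is not ours
    return hops[0] if hops else peer_ip

def authorize(peer_ip, x_forwarded_for, allowed, trusted_proxies):
    """Grant access only if the effective client address is on the allowlist."""
    return is_allowed(client_address(peer_ip, x_forwarded_for, trusted_proxies), allowed)

ALLOWED_NETWORKS = parse_allowlist(ALLOWED_ENTRIES)
TRUSTED_PROXIES = parse_allowlist(TRUSTED_PROXY_ENTRIES)
```

Note the fail-closed behaviour throughout: a garbage address, a garbage header hop, or a direct connection that tries to claim a corporate address via `X-Forwarded-For` all end up denied rather than allowed.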
Compliance Checkpoint has security in its DNA
The software is built following the Open Web Application Security Project (OWASP) Guide to Building Secure Web Applications, and has passed independent testing against the OWASP "Top 10" security flaws.
We routinely back up our application and its data to ensure we can recover quickly from a data loss or cyber-attack event
Our daily, weekly and monthly backup regime, coupled with our disaster recovery plan, ensures that we can rapidly recover from any serious data loss or outage incident with minimal inconvenience to our customers.
We use a highly secure data centre meeting international security standards
Compliance Checkpoint is hosted by Datacom – one of Asia Pacific’s leading IT-based service providers. The company operates across New Zealand, Australia, Malaysia and the Philippines. Datacom’s Melbourne data centre is ISO/IEC 27001:2005 accredited.
We provide the entire system for installation on private cloud infrastructure
Any customer wishing to exercise maximum control over the security and performance of their IT systems may install the entire Compliance Checkpoint application and database on their own secure servers, or with an external hosting service under their direction. This gives large or high-volume users the assurance that they have complete control over data security and over application and data backups, and that back-end access is limited to their own authorised IT personnel.
In addition, outages for upgrades and system maintenance can be scheduled to suit the customer. Compliance Experts provides full support for version upgrades and hotfixes, with version information and installation instructions.
If you have a question regarding how we ensure confidential information is kept private, that wasn’t covered in this article, please email us your question here, and we’ll be sure to get an answer for you.