It’s your data, not ours—and we work hard to keep it secure
Here are the policies, procedures and technologies we use to comply with and exceed industry standard requirements
Data Hosting
Security and compliance programs
Data Hosting |
|
Data Protection |
|
Amazon Web Services |
Acivilate's physical infrastructure is hosted and managed within Amazon’s GovCloud secure data centers. Acivilate leverages all of the platform’s built-in security, privacy and redundancy. AWS continually monitors its data centers for risk and undergoes assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under: ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), PCI Level 1, FISMA Moderate and Sarbanes-Oxley (SOX). |
Encryption | Data that passes through Acivilate is encrypted, both in transit and at rest. All connections from the browser to the Acivilate platform are encrypted in transit using TLS SHA-256 with RSA Encryption. Acivilate requires HTTPS for all services. |
Security and compliance programs |
|
People |
|
Background checks | All Acivilate employees go through a thorough background check before hire. |
Training | While we limit internal access on a need to know basis, all employees are trained on security and data handling to ensure that they uphold our strict commitment to the privacy and security of your data. |
Confidentiality | All employees sign a confidentiality agreement before they start at Acivilate. |
Reliability and redundancy |
|
Business continuity and disaster recovery | We have business continuity and disaster recovery plans in place that replicate our database in multiple availability zones and provide for automatic failover. |
Software development lifecycle |
|
Routine audits | Acivilate continuously scans the product for service interruptions, performance degradation and security vulnerabilities to immediately alert our engineers and take action when an incident has been detected. |
New releases | New releases to the Acivilate platform are thoroughly reviewed and tested to ensure high availability and a great customer experience. |
Quality assurance testing | Once a changeset is completed, it is manually peer reviewed by one or more members of the engineering team. The changeset is then evaluated and manually tested by our quality assurance team to thoroughly test areas of expected impact, regression test and further evaluate the user experience. |
Continual monitoring | After a changeset is released, we continue to monitor application exceptions and log exceptions. These exceptions are regularly reviewed and triaged for resolution. Performance impacts of the changeset are monitored through several monitoring services. |
Vulnerability control |
|
Malicious software prevention | Our employees’ equipment is defended by anti-malware software. |
Vulnerability scanning | We continuously monitor for new vulnerabilities with automatic scanning of our code repositories. |
We’re always improving and always available
If you think you may have found a security vulnerability, have suggestions that will help to protect privacy or have questions for our team, please contact us at support@acivilate.com.