SECURITY

Secure Data for all our Customers

image

Nothing is more important than the privacy of our customer’s information and thus we make data privacy and security our top priority.  Recognizing the significance of this responsibility and the need for the deepest expertise available, Compliatric was built on the Force.com® platform, which is recognized as a leading security infrastructure with world class physical, administrative and technical security safeguards.

Among these safeguards and other security measures, our platform provides:

    • Experienced, professional engineers and security specialists dedicated to round-the-clock data and systems protection

    • Continuous deployment of proven, up-to-date security technologies

    • Ongoing evaluation of emerging security developments and threats

    • Complete redundancy throughout the entire infrastructure

  • Force.com has comprehensive privacy & security assessments and certifications performed by multiple third parties. For listing, CLICK HERE

    Administrative safeguards include:

    Comprehensive information security and privacy policies designed to meet the requirements of ISO 27001

    Designated specialists and departments who are responsible for Force.com’s privacy and security program

    Limiting access to customer and protected health information to personnel who require such access to perform contractual obligations

    Training on information security and confidentiality during monthly new hire orientation and annual information security and privacy awareness training

    Technical safeguards include:

    Force.com uses the strongest encryption products to protect customer data and communications, including 128-bit VeriSign SSL Certification and 1024-bit RSA public keys

    The network perimeter is protected by multiple firewalls and monitored by intrusion detection systems. Firewall logs are regularly analyzed to proactively identify security threats. Security configurations are proactively monitored for changes, vulnerabilities, and errors and vulnerability threat assessments including penetration tests are regularly conducted

    Inside of the perimeter firewalls, the systems are safeguarded by proprietary safeguards including network address translation, port redirection, IP masquerading, and non-routable IP addressing schemes

    User access is provided only with a valid username and password combination, which is encrypted via SSL while in transmission. An encrypted session key is used to uniquely identify each user and the session key is automatically scrambled and re-established in the background at regular intervals

    A robust application security model prevents one customer from accessing another's data. This security model is reapplied with every request and enforced for the entire duration of a user session

    Physical safeguards include:

    Redundant mirrored data centers on the West Coast, East Coast, and Asia with failover making interruption of service related to hardware problems or data issues minimally disruptive

    Data Facilities provide 24-hour monitoring and security and access to any server cages require biometric scanning

    Redundant diesel powered electrical generators, data center air conditioners, and other backup equipment designed to keep servers continually up and running are onsite

    Data facility workstation policies that require personnel to store confidential information in secure locations, unattended workspaces to be secured, screens of unattended computers to be locked, and all portable computers disk drives to be fully encrypted are in force

    CLICK HERE Click here to read more about the Force.com security platform.