RepuGen® Security Policy
Updated: January 2016
At RepuGen the safety, privacy, and security of the data our customers entrust to us is very important to us. We realize you might have a few questions around our security practices and have included some of the ones you might find important. If you have further questions not listed below, please feel free to reach out to us directly.
Who owns the data I load into your service?
What do you do to keep my data secure?
- We use Comodo SSL (Secure Sockets Layer) Certificate to establish an encrypted link between a server and a client. SSL allows sensitive information to be transmitted securely.
What about security in your applications?
- Our goal is to design, build, and maintain secure applications. We believe security should be built in and not bolted on.
- We regularly review our code as well as any third party code included in our products using static and dynamic analysis tools along with manual code reviews in critical areas.
- We have a hardware firewall installed on our server. Hardware firewalls provide a strong degree of protection from most forms of attack coming from the outside to the server. We have blocked all the IP's from accessing the server except authenticated employees from the development team to update code when required from specific IP's only. This gives highest level of security from hackers.
What do you do to protect my data from loss?
- Our server is equipped with RAID to preserve data if the disk on the server fails. Along with this we have backup mechanism in place to backup data on a daily basis.
Does RepuGen have any certifications?
- We annually attest to PCI-DSS compliance and are audited by an independent Qualified Security Assessor [QSA] to handle your credit cards.
- Comodo SSL certified
- For customers that are regulated under HIPAA/HITECH, we can sign a Business Associates Agreement.
- If you need further information on how we demonstrate the effectiveness of our security practices, drop us a note at the email listed above and we will be happy to share the information with you.
Who are the people accessing my data?
- All employees that have access to your data undergo a background investigation and must sign confidentiality agreements prior to being granted access.
- Each employee receives annual refresher training on security practices and threats.
Does RepuGen have a security team?
- Yes. We have a team to review the server on a regular basis to make sure we are at the highest level of security possible.
I am a Law Enforcement officer and I need to contact the security team?