Information security policy
Physical infrastructure security
Teamspective’s physical infrastructure is hosted and managed within Amazon’s secure data centers in Europe and utilizes Amazon Web Services (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data centers are among the most physically secure places in the world, and their operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
For additional information see: https://aws.amazon.com/security
Data security
Encrypted in transit
All communication between your users and our servers is encrypted with TLS 1.2. Additionally, all communication between our servers is TLS 1.2-encrypted. This encrypted link ensures that all data passed between the web server and browsers remains private and intact. TLS is an industry standard and is used by millions of websites to protect their online transactions with their customers.
Encrypted at rest
All data in our database is encrypted at rest with AES-256, block-level storage encryption. Encryption operations occur on the servers that host the database instances.
Backups
Encrypted backups are created and stored on a continuous basis by our hosting provider.
Privacy
Teamspective has published a privacy policy that clearly defines what data is collected, why we collect it and how it is used.
Internal security policies
Our team is highly security-aware, and security is our top priority.
We regularly hold internal security briefings and make sure every employee is aware of current best security practices. All non-trivial code is reviewed by at least one developer before being deployed.
Password managers and different passwords for all sites are required, and passwords must be regularly updated. To protect access to data, we use 2FA where available. Employees are responsible for keeping their own devices up to date. Device hard drives must be encrypted.
Incident response
Our team is well prepared to handle any incident and doing so will be the top priority. We have so far experienced no successful cyber attacks.
Full disclosure policy
We believe in transparency – if anything serious ever happens and your data is affected, we will provide full disclosure within 48h to enable you to take precautions and minimise the damage.