Do you review your applications for security vulnerabilities and address any issues prior to deployment to production?
Yes. At least annually, or for product releases which introduce major architecture changes, penetration testing is performed by external certified experts.
Do you have the ability to logically segment or encrypt customer data such that data may be produced for a single tenant only, without inadvertently accessing another tenant’s data?
Yes. Customer data is logically segmented into unique customer databases. Our approach to database encryption is holistic and comprehensive (AES 256).
Do you have the capability to recover data for a specific customer in the case of a failure or data loss?
Yes. AlayaCare leverages the managed RDS PostgreSQL AWS service. Backups are performed daily and provide the ability to roll back to any point in time within the last 30 days. We also take a monthly backup, which is kept for 12 months.
Do you have the capability to restrict the storage of customer data to specific countries or geographic locations?
Yes. This capability is defined by AWS Regions.
Do you provide tenants with geographically resilient hosting options?
Yes. All production environments utilize multiple AWS Availability Zones (AZs) within an AWS Region to provide geographic resiliency. An AZ is a logical data center in an AWS Region. Each AZ has redundant and separate power, networking and connectivity to reduce the likelihood of two zones failing simultaneously.
Do you encrypt tenant data at rest (on disk/storage) within your environment?
Yes, by utilizing the AES 256 encryption algorithm.
Do you provide a formal security awareness training program for all persons with access to tenant data?
Yes. As part of the on-boarding process, all employees are required to complete security awareness training.