ProofHQ provides state-of-the-art security to ensure that your data is safe at all times. ProofHQ understands that data security is your priority, which is why we have made it our priority. ProofHQ invests significant resources to keep our security infrastructure updated and current. As a result, we provide unsurpassed levels of security and privacy for our clients.
Information Security Policy
For customers of our Unlimited Edition, we commit to performing in accordance with our published Information Security Policy. This policy sets out in detail our processes and procedures for dealing with all aspects of information security within ProofHQ. It is regularly reviewed and updated, and is a key component of our SSAE16 audit (see below).
Request Information Security Policy here
Security White Paper
To help you with your assessment of ProofHQ security, we have provided a Security White Paper, which gives a more detailed description of ProofHQ’s security infrastructure.
Request Security White Paper here
Security Memberships and Certifications
SSAE16, also called Statement on Standards for Attestation Engagements 16, is a regulation created by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) for redefining and updating how service companies report on compliance controls. ProofHQ has received a Service Auditor's Report providing an unqualified opinion that we have established effective processes and procedures to manage our business in compliance with SOC 1 & SOC 2.
Skyhigh Networks performs objective and thorough evaluations of the enterprise-readiness of cloud services based on a detailed set of criteria developed in conjunction with the Cloud Security Alliance (CSA). Services designated as Skyhigh Enterprise-Ready are the services receiving the highest CloudTrust™ Ratings, which fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.
Requesting your own Security Audit
On occasion, customers ask ProofHQ to complete their own security documentation and participate in other security audits. ProofHQ pricing does not take into account the cost of undertaking this work, so we charge a consulting fee based on a daily rate of US$1500. The number of days required to complete a security document or audit will vary depending on complexity and length. In addition, we will usually only undertake consulting work relating to security upon receipt of a signed order for the purchase of a ProofHQ plan. The order is conditional on the security work being successful, so if we fail to meet a customer’s security requirements, the order can be cancelled.
If you have any questions about security, please contact your ProofHQ account executive.
ProofHQ provides a best-of-breed security infrastructure comprising proven, cutting-edge technologies. ProofHQ delivers the most comprehensive security available, including firewalls and encryption devices sourced from leading Internet security vendors, configured by expert professionals, and rigorously tested before going into production.
ProofHQ servers are co-located in a purpose-built facility, the location of which is not declared for security reasons. The facility provides 24-hour CCTV and physical security, palm readers, Boon Edam door entry (airlock type entry), redundant electrical generators, redundant data centre air conditioners and other back-up equipment designed to keep servers continually up and running.
ProofHQ’s backbone includes 4 connections to separate telecom providers with automated switch over and DNS updating. Network perimeters are protected by custom-configured firewalls provided by leading security vendors. ProofHQ routinely penetration tests all aspects of the network infrastructure.
Users access ProofHQ only with a valid username and password combination. These are encrypted using SSL while in transmission. Users’ credentials are verified before access to the ProofHQ applications is granted. Users are prevented from choosing weak or obvious passwords, e.g. name, address or postcode.
ProofHQ’s application security model prevents one ProofHQ customer from accessing another’s data. This security model is applied to every data request and enforced for the entire duration of a user session.
Internal System Security
Inside the perimeter firewalls, systems are safeguarded by network address translation, port redirection, IP masquerading, non-routable IP addressing schemes, etc. Exact details of these features are not disclosed for security reasons.
Operating System Security
ProofHQ enforces tight operating system-level security by using a minimal number of access points to all production servers. All operating system accounts are password protected. Production servers do not share a master password database. All operating systems are maintained at each vendor’s recommended patch levels for security. All operating systems are further secured by disabling and/or removing any unnecessary users, protocols and processes.
Whenever possible, database access is controlled at the operating system and database connection level for additional security. Access to production databases is limited to a number of points. Production databases do not share a master password database.
Server Management Security
All data entered into the ProofHQ application by a customer is owned by that customer. ProofHQ employees/representatives do not have direct access to the ProofHQ production equipment, except where necessary for system management, maintenance, monitoring, and backups. ProofHQ employees/representatives who have access to the production equipment are rigorously background checked.
ProofHQ’s applications reside on clustered servers ensuring the highest levels of availability. All customer data, up to the last committed transaction, is automatically backed up to a primary tape library on a nightly basis. Backup tapes are immediately moved to secure, fire-resistant off-site storage on a nightly basis.
Our servers are located in Rackspace’s triple-strength secured data centers.
Disaster Recovery Plan
Our hosting facilities have been designed to withstand many foreseeable catastrophic failures such as power outages, contractor mishaps, fire, flood, and theft. The sites have power that is supplied on separate feeds entering from different sides of the buildings. They also have full UPS and generator capabilities in case of a power outage. In the unlikely event of a catastrophic site failure at the primary data centre, ProofHQ has a comprehensive recovery plan in place, including failover to a mirrored data centre. The secondary data centre is capable of performing all hosting functions in the case of such an emergency, with sufficient capacity for customers until such time as ProofHQ’s applications can be restored at their original location or at a replacement hardened hosting facility.