To help you accelerate sales, Prospectify requires access to certain pieces of information. We’d like to explain how we store, process and secure that information. We rely on some of the best providers to ensure that we keep your information private, available and unaltered.
The European Union’s General Data Protection Regulation (GDPR) will take effect on May 25, 2018, and we’ve already made great strides to become compliant. The GDPR extends the reach of the European Union’s data protection laws and establishes many new requirements for organizations that fall under its scope. Prospectify has already obtained a SOC 2 Type 2 report, is currently in compliance with the EU/US Privacy Shield framework, and has undergone an ISO 27001 Stage 1 review. Our privacy team is well ahead of this deadline to meet and exceed these new requirements.
Even if our offices go dark, you’re still up and running. Prospectify’s products run on world-class infrastructure hosted at Amazon data centers running on Amazon Web Services (AWS) technology. Amazon data centers provide physical security 24/7, state-of-the-art fire suppression, redundant utilities and biometric devices to ensure that our customers’ data is safe and secure. Amazon continually reviews and refines its procedures to comply with the latest security standards. Our data and services are housed in the same physically secure AWS facilities as Netflix, Expedia, Airbnb, Comcast, and Yelp.
Amazon maintains security certifications with:
Your data is protected by you and our systems. We take multiple steps to prevent eavesdropping between you and our systems, as well as within our infrastructure. All network traffic runs over SSL/HTTPS, the most common and trusted communications protocol on the Internet. Internal infrastructure is isolated using strict firewalls and network access lists. Each system is assigned to a firewall security group by its function. By default, all access is denied and only explicitly allowed ports are exposed. Persistence and storage layers are encrypted and secured behind VPN & VPC firewalls.
If we see something, we’ll react quickly and remedy the issue. We’re not resting on our laurels. We’re always looking for potential system interruptions. If we do find something out of place, we’ll address it in a way that keeps it from recurring. We’ve invested in ensuring we can detect and respond to security events and incidents that impact our infrastructure.
Security Operations at Prospectify is responsible for ensuring that:
We’re relentlessly updating our systems to protect your data. Our virtual systems are replaced on a regular basis with new, patched systems. System configuration and consistency are maintained using a combination of configuration management, up-to-date images, and continuous deployment. Our systems are provisioned and updated using the most popular configuration management tools from PuppetLabs and Opscode Chef. Through continuous deployment, existing systems are decommissioned and replaced by up-to-date images at a regular interval.
Only people who need access get access. Production system access is limited to key members of the Prospectify engineering team, and passwords are expressly forbidden. At a minimum, authentication requires two factors including asymmetric RSA public/private keys and a time-based crypto token.
Don’t take our word that our systems are secure. We don’t. Even though we’ve designed secure systems and procedures, we regularly perform security tests to identify and remediate potential vulnerabilities. We also conduct periodic penetration tests with expert third-party vendors to help keep our applications safe and secure. These tests cover network, server, database and in-depth White Box testing for vulnerabilities inside Prospectify applications.
We’re watching to find misuse or occasional problems. Logging is a critical component of Prospectify infrastructure. Logging is used extensively for application troubleshooting and investigating issues. Logs are streamed in real time and over secure channels to a centralized logging service. This also allows our technical support and development teams to view logs without gaining access to the production systems. We collect everything from application logs to AWS CloudTrail logs, which form a complete audit trail of user and employee activity.
We prevent single points of failure. Even if there is an interruption to one system, the rest of our services stay up and secure. We physically separate the database instances from application servers and heartily believe in the mantra of single-function servers. All login pages pass data via SSL/TLS for public and private networks, and only support certificates signed by well-known Certificate Authorities (CAs). All email and CRM credential-related data is encrypted while in transit as well as at rest using military grade encryption to ensure the security of user IDs and passwords. Prospectify application passwords are hashed and even our own staff can’t retrieve them. If lost, the password must be reset.
We back up and test our systems, just in case. Production data is mirrored to remote systems and automatically backed up daily to an offsite location. Every change to a database is stored in the ‘write-ahead log’ and immediately shipped offsite. We test our recovery procedures regularly by restoring from backup and simulating recovery of a production database. Our backup retention varies by function and business impact; the minimum backup retention for all systems is seven (7) days and goes up to ninety (90) days. Our production applications are deployed in multiple availability zones and leverage AWS Multi-AZ technology, which can sustain the loss of an entire data center in a region.
We protect our systems to protect your data. Prospectify offices are protected behind network firewalls from well-known security vendors and secured by keycard access. Our employee workstations and laptops are imaged and managed using Puppet. Collaborative tools like email, document shares and calendars require two-factor authentication to mitigate phishing attacks. Critical infrastructure passwords are locked in a virtual vault using AES-256 encryption and can only be accessed by a handful of individuals in the organization.
If we have to part ways, we’ll make sure your data isn’t at risk. To cancel and delete your account, please contact your account manager or our Customer Success team. Canceling your account will disable all access to Prospectify Platform and affects all data associated with your account. Before you cancel your account, you must make sure you export or print any information you might need from Prospectify Platform; for example, leads and contacts are exportable via CSV. Activity-specific data in Cadence, such as call logs, sentiments, activity, etc., is synchronized to Salesforce (SFDC) automatically. We retain your account data in our systems for a minimum period of 30 days in the event you request to reactivate your account. We cannot guarantee accounts closed longer than 30 days can be reopened. After your account has been closed for 30 days, all the data in the account may be permanently deleted from our systems within a reasonable time period, as permitted by law, and your access to any other services that require a Prospectify Platform account will be disabled. We will respond to any such request, and any appropriate request to access, correct, update or delete your personal information, within the time period specified by law (if applicable) or without excessive delay. We will promptly fulfill requests to delete personal data unless the request is not technically feasible or such data is required to be retained by law (in which case we will block access to such data if required by law).