Security Policy

effacts is proud to provide enterprise-class security and data management services to businesses worldwide. Built on leading-edge infrastructure and technologies, effacts is committed to keeping your confidential information as safe as possible.

Redundant Information Security

We handle sensitive information for hundreds of organizations around the world. To do this, we employ multiple levels of data protection:

  • We encrypt all data transmissions using 256-bit SSL.
  • Unique keys are generated for each customer, making the compromise of multiple accounts almost impossible.
  • Finally, we use document encryption as an extra safety measure.

 

While it’s common for Software-as-a-Service (SaaS) providers to provide SSL-security connections, the truth is that most compromises start after your data is in the hands of a service provider. We have taken a leadership role in protecting our customers’ information. We took the time to build additional maintenance tools so that we can ensure customer data isn’t compromised.

 

ISO 27001:2013 Certification

effacts is the only smart repository for legal information that is ISO 27001:2013 certified as an information security management system (ISMS). This is the highest level of global information security assurance available today, and provides customers assurance that effacts meets stringent international standards on security.

 

Proven Uptime and Disaster Prevention

We are committed to providing our customers with exceptional uptime and availability. You can trust that we are aligned with your availability expectations:

  • 99.9% uptime service level commitment.
  • Fully redundant primary internet connections.
  • 24x7x365 network operations control.

 

Our private cloud has been constructed with true real-time redundancy. With live data synchronization, every application and database server has an active failsafe unit ready to take over in the event of a disaster.

Reinforcing this real-time failsafe, on a nightly basis, customer databases are backed up in full, from the active failover server, ensuring backup processes do not disrupt access to customer data. Backups are shipped off-site over a dedicated fiber link to another secure location, ensuring that even in the event of a critical disaster, customer data is secure.

 

Operational Best Practices

Our customers enjoy security controls such as fully guarded premises and physical access management that are economically unfeasible with typical in-house, on-premises deployments. Dedicated around-the-clock availability and security monitoring provide added layers of assurance.

  • SSAE 16 Type II Audits.
  • Highly Restrictive Physical Access.
  • Audited Access Controls.

We use only SSAE 16 (SOC1)/ISAE 3402 Type II audited datacenters (supersedes SAS-70 compliance) to ensure our processes exceed industry best practices. The reports from these audits are available to our customers or auditors.

 

Serious About Security

All the datacenters are locked and guarded, and can only be accessed by authorized personnel. Monitored closed circuit television systems and onsite security teams vigilantly protect the datacenters around the clock, while military grade pass card access and biometric finger scan units provide even further security.

 

Regulated Climate Control

The heating, ventilation, and air-conditioning (HVAC) systems have full particle filtering and humidity control. The climate within each of our datacenters is maintained according to ASHRAE Guidelines. This ensures your mission-critical dedicated servers and hardware are functioning at their best.

 

Redundant Power—Just in Case

The datacenters don’t rely solely on the local power grid to guarantee around-the-clock power. The onsite diesel-powered generators and uninterruptible power systems (UPS) deliver redundant power if a critical incident occurs, so that all operations are uninterrupted and your dedicated servers remain online. We regularly test our infrastructure to make sure it performs as designed in the event of an emergency. And we back it all up with our 99.9% Uptime SLA.

 

International Privacy Standards

Privacy is part of our DNA. As part of our promise to you, we adhere to stringent international data management controls and policies to ensure 24x7 protection of your data.

 

Our Privacy Policy

Your privacy is important to us and to better protect your privacy we provide a public Privacy Policy explaining our online information practices and the choices you can make about the way your information is collected and used. To make this easy to find, we make it available on our homepage and at every point where personally identifiable information may be requested.

 

US-EU Safe Harbor

We adhere to the Safe Harbor requirements published by the United States Department of Commerce, including the Safe Harbor Privacy Principles. Accordingly, our Privacy Policy and procedures for handling personal data are adequate for purposes of receiving personal data transfers from the European Union in compliance with Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the EU Directive).

 

Data Portability Commitment

Since its founding, effacts has made data safety and portability a key principle. Unlike many service providers, we provide every organization its own unique database with private connection credentials. This means that your data always remains secure. Further to this, our data portability commitment is clear: you own your data, and can take it with you at any time. As much as we’d hate to lose you as a customer, we will never hold your data hostage. You can easily export your data in a common, SQL-compatible format, or make use of our various APIs to request data as needed.

 

Personnel Security

We use a combination of background checks and confidentiality agreements to reduce the risk of personnel-related security breaches. We also perform monitoring via a dedicated compliance team to make sure staff are operating in accordance with security and compliance guidelines.

 

Full Audit Logging

effacts provides full audit logging of all user activity with self-service reporting. With these reports you can readily see who has access to what content as well as see access activity across all content managed by effacts.

 

24x7 Support

The Network Operations Center (NOC) staff monitors the network 24x7x365, while our network engineers and facility staff are available at any time in the event of an emergency.

 

effacts Operations

Outside of the core datacenter operations, we designed our physical office to eliminate any central on-premise servers, ensuring employees and guests have no direct access to customer data. Our employees are unable to access customer data without explicit permission in the course of delivering support services. When requesting support, either at the time of request submission or during the course of interaction with our team, customers have the opportunity to grant any necessary access rights—all such grants are tracked and visible to customers at any time.