ISO 27001 Certified
We are annually audited to conform with the requirements of ISO 27001:2013, covering the information security management system (ISMS) that includes the people, processes, and technology that supports our organization. When it comes to keeping information assets secure, organizations like ours rely on the ISO/IEC 27000.
Our systems are externally scanned for vulnerabilities on a quarterly basis by a PCI approved vendor. The Payment Card Industry (PCI) Data Security Standard resulted from a collaboration between Visa and MasterCard to create common industry security requirements. The Payment Card Industry’s Data Security Standards (PCI DSS) requires that all merchants processing credit cards must operate their computer systems and IT equipment in compliance with the DSS.
Hosted Securely at AWS
We utilize the secure and scalable infrastructure of AWS to host the SureView Operations platform. To ensure application resilience the applications and database services are hosted on redundant systems in multiple AWS availability zones. For more information about security in AWS infrastructure visit AWS Security.
We utilize the secure and scalable infrastructure of AWS to host the SureView Operations platform. To ensure application resilience the applications and database services are hosted on redundant systems across multiple AWS availability zones within each region. For more information about security in AWS infrastructure visit AWS Security
During the signup process you will be able to choose US (N Virginia) or Ireland (EU) as your data storage location. The data is stored in the chosen region only and is not stored in other regions
All data transfer is encrypted using SSL.
User login passwords are checked against a salted, one-way hash and all login attempts are audited (successful and unsuccessful). A user is locked out after 6 unsuccessful attempts (lockout is reset after 30 minutes).
The database is in a private subnet that is not exposed to the Internet. All servers are hardened to PCI v3.2 standards and are regularly scanned for vulnerabilities by a PCI approved vendor and are 3rd party penetration tested by A-lign.
As part of our ISO 27001 certification and in compliance with GDPR we have a policy for breach detection and response.
SureView will notify you immediately following the discovery of any incident that involves or reasonably may involve the unauthorized access, use, disclosure, or loss of any Customer Data or any other suspected breach or compromise of the security, confidentiality, or integrity of any Customer Data.
SureView Operations is hosted on redundant servers across multiple AWS availability zones within the choosen regions.
Access to the SureView Operations Databases is limited to key, senior Sureview employees only, all of which have had full background checks.
Support Engineers may request screen-sharing sessions but will not have direct access to login to your SureView Operations account without you proactively granting permissions.
GDPR is a European Union (EU) data protection regulation that is intended to protect personal data. It is a requirement to follow this regulation if your business, your data or your customers/end users are based within the EU.
SureView strictly follows the GDPR regulations as best practices for data protection and ensures that businesses using Sureview Operations have the tools necessary to comply with GPDR.
GDPR requires users to consent to the use of non-essential (technical/functional) cookies. Sureview OPS does not use any non-essential cookies.
One essential in-built cookie is used to for SureView user session management and one essential external-cookie is used for the documentation and interactive support for the product (hosted by zendesk.com)
SureView Operations is designed to be able to securely store personal data (the details of which are covered in this Security FAQ). Only personal data that is required for effective security monitoring should be stored by users of SureView Operations and should be deleted (see “deleting personal data”) once the information is no longer relevant or necessary.
SureView Operations allows account administrators to permanently personal data. There are clear “delete” buttons against all entries of personal data and once deleted this information is removed from the Database and is not user recoverable.
Please note that deleting information from the live system does not remove it from previous SureView Operations daily Database backups. These backups are stored securely and permanently deleted after no more than 7 days.
SureView Operations gives the account administrators the ability to locate and export user and contact information if requested by the individual within the “Users” and “Contacts” pages.
The ability to access and view this data is strictly limited based on the individual user permission settings.