essensys is committed to achieving and maintaining the trust of our customers. Integral to this mission is providing a robust security and privacy program that carefully considers data protection matters across our services, including data submitted by customers to our services (“Customer Data”).
This documentation describes the architecture of the Services, the security- and privacy-related audits and certifications that apply to them, and the administrative, technical and physical controls applicable to the essensys services.
ARCHITECTURE AND DATA SEGREGATION
The Services are operated in a multitenant architecture that is designed to segregate and restrict Customer Data access based on business needs. The architecture provides an effective logical data separation for different customers via customer-specific databases and allows the use of customer and user role-based access privileges. Additional data segregation is ensured by providing separate environments for different functions, especially for testing and production.
CONTROL OF PROCESSING
essensys has implemented procedures designed to ensure that Customer Data is processed only as instructed by the customer, throughout the entire chain of processing activities by essensys and its sub-processors. In particular, essensys has agreements with its sub-processors containing privacy, data protection and data security obligations that provide a level of protection appropriate to their processing activities. Compliance with such obligations, as well as the technical and organizational data security measures implemented by essensys and its sub-processors, is subject to regular audits.
AUDITS AND CERTIFICATIONS
The following security and privacy-related audits and certifications are applicable to the Services.
- Binding Corporate Rules (BCR) for Processors: Customer Data submitted to the services is within the scope of the essensys BCR for Processors. The most current version of the essensys BCR for Processors is available on essensys’ website, currently located at http://www.essensysbak29.wpengine.com
- EU-U.S. and Swiss-U.S. Privacy Shield certification: Customer Data submitted to the Services is within the scope of an annual certification to the EU-U.S. Privacy Shield Framework as administered by the U.S. Department of Commerce.
- ISO 27001/27017/27018: essensys is working towards certification of an information security management system (ISMS) for the Covered Services in accordance with the ISO 27001 international standard, aligned to the ISO 27017 (cloud security) and ISO 27018 (cloud privacy) codes of practice.
- Service Organization Control (SOC) reports: essensys' information security control environment applicable to the Covered Services will undergo independent evaluation in the form of SOC 1* (SSAE 18 / ISAE 3402), SOC 2 and SOC 3 audits.
* essensys is currently working towards this attestation.
Additionally, the Services undergo security assessments by internal personnel and third parties, which include infrastructure vulnerability assessments and application security assessments, on at least an annual basis.
SECURITY POLICIES AND PROCEDURES
The Services are operated in accordance with the following policies and procedures to enhance security:
- Customer passwords are stored using a one-way salted hash.
- User access log entries will be maintained, containing date, time, user ID, URL executed or entity ID operated on, operation performed (created, updated, deleted) and source IP address. Note that where the Customer or its ISP uses NAT (Network Address Translation) or PAT (Port Address Translation), the recorded source IP address is that of the translating gateway rather than the individual user's device, so it may not identify a specific workstation.
- If there is suspicion of inappropriate access, essensys can provide customers log entry records and/or analysis of such records to assist in forensic analysis when available. This service will be provided to customers on a time and materials basis.
- Data centre physical access logs, system infrastructure logs, and application logs will be kept for a minimum of 60 days. Logs will be kept in a secure area to prevent tampering.
- Passwords are not logged.
- essensys personnel will not set a defined password for a user. Passwords are reset to a random value (which must be changed on first use) and delivered automatically via email to the requesting user.
essensys, or an authorized third party, will monitor the Services for unauthorized intrusions using network-based and/or host-based intrusion detection mechanisms. essensys may analyse data collected by users’ web browsers (e.g., device type, screen resolution, time zone, operating system version, browser type and version, system fonts, installed browser plug-ins, enabled MIME types, etc.) for security purposes, including to detect compromised browsers, to prevent fraudulent authentications, and to ensure that the Services function properly.
All systems used in the provision of the Services, including firewalls, routers, network switches and operating systems, log information to their respective system log facility or a centralized syslog server (for network systems) in order to enable security reviews and analysis.
essensys maintains security incident management policies and procedures. To the extent permitted by law, essensys notifies impacted customers without undue delay of any unauthorized disclosure of their respective Customer Data by essensys or its agents of which essensys becomes aware.
essensys typically notifies customers of significant system incidents by email, and for incidents lasting more than one hour, may invite impacted customers to join a conference call about the incident and essensys’ response.
Access to the Services requires authentication via one of the supported mechanisms, including user ID/password, SAML-based federation, OAuth, social login, or delegated authentication, as determined and controlled by the customer. Following successful authentication, a random, unguessable session ID is generated server-side and stored in the user's browser (as a cookie) to preserve and track session state.
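The password-storage, password-reset and access-logging points in the policy list above, together with the session ID issued after authentication, as one added example; this is illustrative code written for this page, not essensys' own implementation. It assumes PBKDF2-HMAC-SHA256 as the one-way salted hash (the page does not name an algorithm), an in-memory user and session store, and constructed user names and IP addresses.

```python
"""Illustrative login flow for the policy points above: one-way salted password
hashes, staff-initiated resets to a random value that must be changed on first
use, access-log entries carrying the listed fields but never a password, and a
random session ID issued server-side after authentication.
Added example with constructed in-memory data; not essensys code."""
import hashlib
import hmac
import secrets
from datetime import datetime, timezone
from typing import Optional

# Assumption: PBKDF2-HMAC-SHA256 with a high work factor; the page only says
# "one-way salted hash" and names no algorithm.
PBKDF2_ITERATIONS = 600_000

USERS = {}       # user_id -> {"hash": str, "must_change": bool}   (constructed store)
SESSIONS = {}    # session_id -> {"user_id": str, "must_change": bool}
ACCESS_LOG = []  # list of dict entries, see log_access()


def hash_password(password: str) -> str:
    """Fresh 16-byte random salt per password; stored as 'algo$iters$salt$digest'."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def log_access(user_id: str, url: str, operation: str, source_ip: str) -> dict:
    """Fields from the policy: date/time, user ID, URL, operation, source IP.
    No password parameter exists, so a password cannot end up in the log."""
    entry = {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "user_id": user_id,
        "url": url,
        "operation": operation,
        "source_ip": source_ip,  # may be a NAT/PAT gateway address, not the user's device
    }
    ACCESS_LOG.append(entry)
    return entry


def create_user(user_id: str, password: str) -> None:
    USERS[user_id] = {"hash": hash_password(password), "must_change": False}


def reset_password(user_id: str) -> str:
    """Staff never choose a password: set a random temporary value, flag it
    must_change, drop existing sessions, and return it (a real system would
    email it to the requesting user rather than return it)."""
    temp = secrets.token_urlsafe(12)
    USERS[user_id] = {"hash": hash_password(temp), "must_change": True}
    for sid in [s for s, v in SESSIONS.items() if v["user_id"] == user_id]:
        del SESSIONS[sid]
    return temp


def login(user_id: str, password: str, source_ip: str) -> Optional[str]:
    """Return a fresh random session ID on success, None on failure."""
    rec = USERS.get(user_id)
    ok = rec is not None and verify_password(password, rec["hash"])
    log_access(user_id, "/login", "login_succeeded" if ok else "login_failed", source_ip)
    if not ok:
        return None
    session_id = secrets.token_urlsafe(32)  # 256 random bits, generated server-side
    SESSIONS[session_id] = {"user_id": user_id, "must_change": rec["must_change"]}
    return session_id


def authorize(session_id: str, url: str) -> bool:
    """A session opened with a temporary password may only reach the change-password page."""
    sess = SESSIONS.get(session_id)
    if sess is None:
        return False
    return (not sess["must_change"]) or url == "/account/password"


def change_password(session_id: str, old: str, new: str) -> bool:
    sess = SESSIONS.get(session_id)
    if sess is None or not verify_password(old, USERS[sess["user_id"]]["hash"]):
        return False
    USERS[sess["user_id"]] = {"hash": hash_password(new), "must_change": False}
    sess["must_change"] = False
    return True


if __name__ == "__main__":
    create_user("alice", "correct horse battery staple")   # constructed user
    temp = reset_password("alice")                          # would be emailed to alice
    sid = login("alice", temp, "203.0.113.7")               # constructed source IP
    print(authorize(sid, "/dashboard"), authorize(sid, "/account/password"))  # False True
    change_password(sid, temp, "a new long passphrase")
    print(authorize(sid, "/dashboard"))                     # True
    print(ACCESS_LOG[-1])
```

Two details are easy to get wrong in practice and are worth checking against any real implementation: the salt must be random per password (two users with the same password get different hashes), and a reset must invalidate sessions opened under the old credential, otherwise an attacker who already holds a session keeps it after the legitimate user resets.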
Production data centres used to provide the Services have access control systems that permit only authorized personnel to have access to secure areas. These facilities are designed to withstand adverse weather and other reasonably predictable natural conditions, utilize redundant electrical and telecommunications systems, employ environmental systems that monitor temperature, humidity and other environmental conditions, and contain strategically placed heat, smoke and fire detection and suppression systems. Facilities are secured by around-the-clock guards, interior and exterior surveillance cameras, two-factor access screening and escort-controlled access. In the event of a power failure, uninterruptible power supply and continuous power supply solutions are used to provide power while transferring systems to on-site back-up generators.