689Cloud’s service is hosted in cloud service providers that are audited and certified against industry standards. For example, AWS is compliant with the PCI, HIPAA, SSAE 16, SOC 2, and SOC 3 standards among others. A full list is available at https://aws.amazon.com/compliance/.
689Cloud personnel do not have physical access to the infrastructure and systems hosting customer data.
System and Host Level Security
System configuration and patching occurs through an automated process, backed by source code management for change management, tracking and review.
Dedicated firewall and VPN services restrict edge access from off-premises.
Limited WAN-facing systems, which are segmented from the rest of the network.
Multiple factors of authentication (MFA) are required for operator access.
All systems are designed to break securely. For example, if no system accounts are configured on a system then no one can access it and default credentials are still disabled.
Several monitoring systems are leveraged to cover 689Cloud’s entire infrastructure. Continuous security monitoring is performed with 689Cloud.
Data Security and Backups
User data and access:
Encryption in Transit
All private data exchanged with 689Cloud over the Internet is encrypted in transit.
Encryption at Rest
All network attached storage (AWS EBS volumes) are provisioned as encrypted volumes.
Credit Card and Payment Information
689Cloud never stores or receives credit card and payment information on its systems. We’ve partnered with a third party, PCI-certified vendor for credit card processing.
Reporting Security Issues
At 689Cloud we take any reports of vulnerabilities seriously. If you encounter a security issue with any of our software or services, please report it to email@example.com. We have an internal SLA for responding to such issues, and are committed to responding and fixing any issues promptly.
Please note that it is against our Terms of Service to run automated security scanning tools against our system without prior approval.