689Cloud’s service is hosted in cloud service providers that are audited and certified against industry standards. For example, AWS is compliant with the PCI, HIPAA, SSAE 16, SOC 2, and SOC 3 standards among others. A full list is available at https://aws.amazon.com/compliance/.
689Cloud personnel do not have physical access to the infrastructure and systems hosting customer data.
System configuration and patching occurs through an automated process, backed by source code management for change management, tracking and review.
Dedicated firewall and VPN services restrict edge access from off-premises.
Limited WAN-facing systems, which are segmented from the rest of the network.
Multiple factors of authentication (MFA) are required for operator access.
All systems are designed to break securely. For example, if no system accounts are configured on a system then no one can access it and default credentials are still disabled. Several monitoring systems are leveraged to cover 689Cloud’s entire infrastructure. Continuous security monitoring is performed with 689Cloud.
All network attached storage (AWS EBS volumes) are provisioned as encrypted volumes.
689Cloud never stores or receives credit card and payment information on its systems. We’ve partnered with a third party, PCI-certified vendor for credit card processing.
At 689Cloud we take any reports of vulnerabilities seriously. If you encounter a security issue with any of our software or services, please report it to email@example.com. We have an internal SLA for responding to such issues, and are committed to responding and fixing any issues promptly.
Please note that it is against our Terms of Service to run automated security scanning tools against our system without prior approval.