Peerview Data Security

Organizational Security

Information Security Policy

We have an Information Security Policy that is communicated throughout the organization. Our Information Security Policy follows the criteria set forth by the SOC 2 Framework. SOC 2 is an information security auditing procedure created by the American Institute of Certified Public Accountants.

Third-Party Audits

Our organization undergoes independent third-party assessments to test our security and compliance controls.

Roles and Responsibilities

We have clearly defined and documented roles and responsibilities related to our Information Security Policy and the protection of our customer’s data. Each security policy must be read and approved by each member of our team.

Security Awareness Training

Employee security awareness training, which covers industry best practices and information security issues like password management, is a requirement for all members of our team.

Confidentiality

Before starting employment, every team member must agree to abide by an industry-standard confidentiality agreement.

Background Checks

We perform background checks on all new team members in accordance with local laws. 

 

Access Security

Permissions and Authentication

Only authorized personnel who need it for their jobs have access to critical tools and cloud infrastructure. 

To safeguard access to cloud services, we have Single Sign-on (SSO), two-factor authentication (2FA), and strict password policies where available.

Least Privilege Access Control

We use the least privilege principle with regards to identity and access management.

Quarterly Access Reviews

We perform quarterly reviews of all Peerview Data members with access to sensitive systems.

Password Requirements

All Peerview Data members are required to have a minimum set of password requirements and complexity.

 

Cloud Security

Cloud Infrastructure Security

Our application is hosted with Heroku. They employ a robust security program with multiple certifications. We use Heroku add-ons and firewalls for our application and make sure any file uploads are checked for viruses and malware. For more information on Heroku’s security processes, please visit Heroku Security.

Data Hosting Security

All of our data is hosted on Heroku databases and Amazon Web Services (AWS) S3 Buckets. These databases are all located in the United States. Please reference vendor-specific documentation here: AWS Security & Heroku Security

Encryption at Rest

Databases are all encrypted at rest.

SSL/TLS

Our application uses SSL/TLS certificates.

Vulnerability Scanning 

We perform vulnerability scanning and monitor for threats.

Logging and Monitoring

We log and monitor cloud infrastructure.

Business Continuity and Disaster Recovery

We use the backup services offered by our data hosting providers in the event of hardware failures. When there are any failures that affect users, we have monitoring services to notify our team.

Incident Response

We have protocols in place for dealing with information security incidents that involve customer communication.

 

Vendor and Risk Management

Annual Risk Assessments

We perform risk assessments annually to identify any potential threats. 

Vendor Risk Management

Vendor risks and reviews are performed before authorizing a new vendor.

 

Contact Us

If you have any questions, concerns, or wish to report a potential security issue, please contact us at support@peerviewdata.com.