Peerview Data Security
(Last Updated December 12, 2023)
Organizational Security
Information Security Policy
We have an Information Security Policy that is communicated throughout the organization. Our Information Security Policy follows the criteria set forth by the SOC 2 Framework. SOC 2 is an information security auditing procedure created by the American Institute of Certified Public Accountants.
Third-Party Audits
Our organization undergoes independent third-party assessments to test our security and compliance controls.
Roles and Responsibilities
We have clearly defined and documented roles and responsibilities related to our Information Security Policy and the protection of our customers’ data. Each security policy must be read and approved by each member of our team.
Security Awareness Training
Employee security awareness training, which covers industry best practices and information security issues like password management, is a requirement for all members of our team.
Confidentiality
Before starting employment, every team member must agree to abide by an industry-standard confidentiality agreement.
Background Checks
We perform background checks on all new team members in accordance with local laws.
Access Security
Permissions and Authentication
Only authorized personnel who need it for their jobs have access to critical tools and cloud infrastructure.
To safeguard access to cloud services, we have Single Sign-on (SSO), two-factor authentication (2FA), and strict password policies where available.
Least Privilege Access Control
We apply the principle of least privilege to identity and access management.
Quarterly Access Reviews
We perform quarterly reviews of all Peerview Data members with access to sensitive systems.
Password Requirements
All Peerview Data members are required to meet a minimum set of password requirements, including complexity.
Cloud Security
Cloud Infrastructure Security
Our application is hosted with Heroku. They employ a robust security program with multiple certifications. We use Heroku add-ons and firewalls for our application and make sure any file uploads are checked for viruses and malware. For more information on Heroku’s security processes, please visit Heroku Security.
Data Hosting Security
All of our data is hosted on Heroku databases and Amazon Web Services (AWS) S3 Buckets. These databases are all located in the United States. Please reference vendor-specific documentation here: AWS Security & Heroku Security
Encryption at Rest
Databases are all encrypted at rest.
SSL/TLS
Our application uses SSL/TLS certificates.
Vulnerability Scanning
We perform vulnerability scanning and monitor for threats.
Logging and Monitoring
We log and monitor cloud infrastructure.
Business Continuity and Disaster Recovery
We use the backup services offered by our data hosting providers in the event of hardware failures. We have monitoring services that notify our team of any failures that affect users.
Incident Response
We have protocols in place for dealing with information security incidents that involve customer communication.
Vendor and Risk Management
Annual Risk Assessments
We perform risk assessments annually to identify any potential threats.
Vendor Risk Management
Vendor risk reviews are performed before a new vendor is authorized.
Contact Us
If you have any questions, concerns, or wish to report a potential security issue, please contact us at support@peerviewdata.com.