Scalus takes the security of your data very seriously. We utilize physical security and data security procedures to provide a holistic secure service. Our approach to security seeks to ensure (i) that data are not deleted and audit trails are recorded and (ii) that data are not accessed without authorization. We are constantly revising our security procedures and policies as we improve our product.
The servers we use are located in ISO27001 certified data centers in Virginia and California. These data centers are SOC1 audited. These data centers are under 24/7 video monitoring and require badge and identification for access. A state-of-the-art alarm system is in place in both data centers that is regularly tested.
Data Storage and Encryption
All data communication with Scalus is encrypted both on our servers and in transit. We use 256-bit encryption and SSL to ensure your data is not susceptible to eavesdropping. In addition, sensitive data is stored on our servers in encrypted form that cannot be read except through strict security controls. Attachments and documents are stored using Amazon S3 and only accessible via an encrypted channel.
Application Users are required to establish a password and only given access to Scalus organizations for which they are invited. Your password is encrypted when sent to the server to ensure eavesdroppers cannot intercept. Scalus does not store any user-specific or sensitive information in cookies. Customers retain complete control over the authorization and de-authorization of their users.
Firewall and Operating System Security
A physical firewall exists in each data center that minimizes the risk of attacks from the outside. In addition, firewalls are in place on each web server that refuse all traffic from the Internet except for valid HTTPS connections. As a further level of protection, key application servers are designed to refuse all traffic from the outside world and to accept only connections from known internal servers. The Operating Systems on each of these servers is regularly updated with the latest security patches.
Data Security and Audit Trails
Scalus employs special measures to ensure no data is ever deleted while a Scalus organization is active. We also keep an audit trail of all major activities that any user takes with regards to emails and tasks within the application, including what material each user has viewed, and the source of each new addition to the application. Customers can, through the Scalus Settings system, setup different access levels for each user.
All data in Scalus is backed up hourly and restore procedures are tested regularly. Backups are stored in separate data centers to ensure availability in case of an outage. Backups are also encrypted. Scalus has adopted a disaster recovery business continuity plan designed to minimize disruption from the unexpected.
While we are confident in keeping your information secure, we take all potential security issues seriously. If you feel there are security issues or concerns, please do not hesitate to contact us at firstname.lastname@example.org.