Information Security
Overview
Devensoft is certified in ISO 27001, ISO 27018 and EU-US Privacy Shield and trusted by Fortune 1000 companies to safeguard their data.
Along with its infrastructure partner Amazon Web Services (AWS), Devensoft supports a vast array of compliance programs. With many global public companies on our M&A platform, we are committed to protecting our customers’ data across the globe.
Your Privacy & Data Security
Securing our customers’ data is our top priority. Our software is accessed by companies around the world representing multiple industries, including banking, healthcare, financial services, pharmaceutical, manufacturing, technology, and more. We have been vetted and approved by our customers to store their confidential / restricted data.
We know customers care deeply about their privacy and data security. That’s why we have implemented sophisticated technical and physical controls designed to prevent unauthorized access to your information.
We know customers care deeply about their privacy and data security. That’s why we have implemented sophisticated technical and physical controls designed to prevent unauthorized access to your information.
Your Privacy & Data Security
Securing our customers’ data is our top priority. Our software is accessed by companies around the world representing multiple industries, including banking, healthcare, financial services, pharmaceutical, manufacturing, technology, and more. We have been vetted and approved by our customers to store their confidential / restricted data.
We know customers care deeply about their privacy and data security. That’s why we have implemented sophisticated technical and physical controls designed to prevent unauthorized access to your information.
We know customers care deeply about their privacy and data security. That’s why we have implemented sophisticated technical and physical controls designed to prevent unauthorized access to your information.
Access
Customers can manage access to their application instance and content. We provide an advanced set of data access and logging features to help you do this effectively. We support both user and role based permissions.
Encryption
We provide strong encryption for content in transit using SSL and at rest using AES 256-bit encryption.
Database Security
All data at rest is secured using disk-level encryption. All data that is backed up is equally encrypted.
Audit Logs
The application tracks all logins and data changes at a data field-level by user. A comprehensive Audit Report can be run by the customer at any time.
Storage
Our primary hosting region is in the US East (Northern Virginia). However, customers may elect a different region to process and store their data based on their legal and regulatory requirements.
Customer Data
You maintain ownership of your data at all times. You can export and import your data at any given time.
Single Sign On & MFA
We support SSO for Active Directory, PingID and other identity providers and Multi Factor Authentication.
Intrusion & Malware Protection
We use state-of-the-art security software that provides intrusion detection and prevention, anti-malware, file and system integrity monitoring, and log inspection.
Security Assurance Programs
SOC Reports
Service Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how AWS achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the AWS controls established to support operations and compliance.
The SOC 2 Security & Availability and SOC 3 Security Reports are prepared in accordance with Attestation Standard Section 101 (AT 101) which is a standard that enables an auditor to report on subject matter other than financial statements based on the AICPA Guide Reporting on Controls at a Service Organization Relevant to Security Availability, Processing Integrity, Confidentiality, or Privacy and Trust Services Principles and Criteria.
The SOC 2 Security & Availability and SOC 3 Security Reports are prepared in accordance with Attestation Standard Section 101 (AT 101) which is a standard that enables an auditor to report on subject matter other than financial statements based on the AICPA Guide Reporting on Controls at a Service Organization Relevant to Security Availability, Processing Integrity, Confidentiality, or Privacy and Trust Services Principles and Criteria.
ISO 27001 Certified
Devensoft maintains a certified ISO 27001 Information Security Management System (ISMS). ISO 27001 is an international security management standard that specifies security management best practices and comprehensive security controls following the ISO 27002 best practice guidance. This is a widely-recognized international security standard in which our customers showed significant interest.
The SOC 2 Security & Availability and SOC 3 Security Reports are prepared in accordance with Attestation Standard Section 101 (AT 101) which is a standard that enables an auditor to report on subject matter other than financial statements based on the AICPA Guide Reporting on Controls at a Service Organization Relevant to Security Availability, Processing Integrity, Confidentiality, or Privacy and Trust Services Principles and Criteria.
The SOC 2 Security & Availability and SOC 3 Security Reports are prepared in accordance with Attestation Standard Section 101 (AT 101) which is a standard that enables an auditor to report on subject matter other than financial statements based on the AICPA Guide Reporting on Controls at a Service Organization Relevant to Security Availability, Processing Integrity, Confidentiality, or Privacy and Trust Services Principles and Criteria.
ISO 27018 Certified
Devensoft is ISO 27018 certified. ISO 27018 is the first International code of practice that focuses on protection of personal data in the cloud. It is based on ISO information security standard 27002 and provides implementation guidance on ISO 27002 controls applicable to public cloud Personally Identifiable Information (PII). It also provides a set of additional controls and associated guidance intended to address public cloud PII protection requirements not addressed by the existing ISO 27002 control set.
EU-US Privacy Shield Certified
Devensoft is certified to the Privacy Shield Principles. The EU-US Privacy Shield Framework is designed by the U.S. Department of Commerce and the European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce. Information about the EU-US Privacy Shield Framework is available at https://www.privacyshield.gov/welcome.
EU GDPR Compliance
The EU Data Protection Directive refers to the Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data (also known as Directive 95/46/EC). Broadly, this Directive sets out a number of data protection requirements, which apply when personal data is being processed.
Devensoft customers can choose to use one region, all regions or any combination of regions where their data will be stored. This allows customers with specific geographic requirements to establish environments in a location(s) of their choice.
Devensoft customers can choose to use one region, all regions or any combination of regions where their data will be stored. This allows customers with specific geographic requirements to establish environments in a location(s) of their choice.
Cloud Security Alliance
Devensoft and AWS participate in the Cloud Security Alliance (CSA). CSA is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem.
SOC Reports
Service Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how AWS achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the AWS controls established to support operations and compliance.
The SOC 2 Security & Availability and SOC 3 Security Reports are prepared in accordance with Attestation Standard Section 101 (AT 101) which is a standard that enables an auditor to report on subject matter other than financial statements based on the AICPA Guide Reporting on Controls at a Service Organization Relevant to Security Availability, Processing Integrity, Confidentiality, or Privacy and Trust Services Principles and Criteria.
The SOC 2 Security & Availability and SOC 3 Security Reports are prepared in accordance with Attestation Standard Section 101 (AT 101) which is a standard that enables an auditor to report on subject matter other than financial statements based on the AICPA Guide Reporting on Controls at a Service Organization Relevant to Security Availability, Processing Integrity, Confidentiality, or Privacy and Trust Services Principles and Criteria.
ISO 27001 Certified
Devensoft maintains a certified ISO 27001 Information Security Management System (ISMS). ISO 27001 is an international security management standard that specifies security management best practices and comprehensive security controls following the ISO 27002 best practice guidance. This is a widely-recognized international security standard in which our customers showed significant interest.
The SOC 2 Security & Availability and SOC 3 Security Reports are prepared in accordance with Attestation Standard Section 101 (AT 101) which is a standard that enables an auditor to report on subject matter other than financial statements based on the AICPA Guide Reporting on Controls at a Service Organization Relevant to Security Availability, Processing Integrity, Confidentiality, or Privacy and Trust Services Principles and Criteria.
The SOC 2 Security & Availability and SOC 3 Security Reports are prepared in accordance with Attestation Standard Section 101 (AT 101) which is a standard that enables an auditor to report on subject matter other than financial statements based on the AICPA Guide Reporting on Controls at a Service Organization Relevant to Security Availability, Processing Integrity, Confidentiality, or Privacy and Trust Services Principles and Criteria.
ISO 27018 Certified
Devensoft is ISO 27018 certified. ISO 27018 is the first International code of practice that focuses on protection of personal data in the cloud. It is based on ISO information security standard 27002 and provides implementation guidance on ISO 27002 controls applicable to public cloud Personally Identifiable Information (PII). It also provides a set of additional controls and associated guidance intended to address public cloud PII protection requirements not addressed by the existing ISO 27002 control set.
EU-US Privacy Shield Certified
Devensoft is certified to the Privacy Shield Principles. The EU-US Privacy Shield Framework is designed by the U.S. Department of Commerce and the European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce. Information about the EU-US Privacy Shield Framework is available at https://www.privacyshield.gov/welcome.
EU GDPR Compliance
The EU Data Protection Directive refers to the Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data (also known as Directive 95/46/EC). Broadly, this Directive sets out a number of data protection requirements, which apply when personal data is being processed.
Devensoft customers can choose to use one region, all regions or any combination of regions where their data will be stored. This allows customers with specific geographic requirements to establish environments in a location(s) of their choice.
Devensoft customers can choose to use one region, all regions or any combination of regions where their data will be stored. This allows customers with specific geographic requirements to establish environments in a location(s) of their choice.
Cloud Security Alliance
Devensoft and AWS participate in the Cloud Security Alliance (CSA). CSA is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem.