Actabl Data Privacy and Security
Actabl is committed to providing secure products that protect the personal data and privacy of its customers through reasonable and responsible data and security practices. The following are highlights of Actabl’s data privacy and information security practices.
Actabl products leverage leading cloud providers, including Amazon Web Services (AWS) and Microsoft Azure, which feature robust security and data privacy compliance programs. These programs include:
- SOC 1, SOC 2, SOC 3
- ISO 27001, ISO 27017, ISO 27701, ISO 27018
- PCI DSS Level 1
- Cloud Security Alliance (CSA)
- GDPR, CCPA
Additionally, Actabl leverages the cloud provider’s Virtual Private Clouds and Virtual Networks to provide isolated, dedicated and secure environments for Actabl products hosted in the cloud.
Data Center Physical Security
Actabl products – whether hosted in AWS, Microsoft Azure, or colocation data centers – feature robust physical security controls, including:
- Restricted and secure access
- Closed-circuit television (CCTV) monitoring
- Intrusion detection
- Redundant power
- Environmental controls, including regulated temperature, fire detection and suppression, and water leak detection
Actabl products comply with a number of security and data privacy standards based on risk exposure associated with the product. Compliance programs include:
- SOC 1, SOC 2
- PCI DSS
- GDPR, CCPA
As part of its ongoing commitment to data privacy, Actabl supports data subject rights, including the right to erasure, under GDPR, CCPA and similar data privacy laws.
Application and Network Security
Actabl products incorporate robust application security practices into their Software Development Lifecycle (SDLC) to ensure that applications are tested for security flaws regularly and early in the SDLC, and that any identified flaws are remediated in a timely manner. Application and network security processes include:
- Dynamic Application Security Testing (DAST)
- Static Application Security Testing (SAST)
- External Network Security Scanning
Web Application Firewall
Actabl deploys an industry-leading Web Application Firewall (WAF) to further protect its products against application-layer attacks, including the OWASP Top 10 threats.
Encryption and Tokenization
Actabl products encrypt customer data both in transit and at rest using industry-standard encryption protocols:
- In transit: HTTPS / TLS 1.2
- At rest: AES-256
In addition, in cases where payment cards are used in the product, PCI-compliant tokenization vendors are leveraged so that no payment card data resides in Actabl databases.
Actabl employs encrypted data backup and recovery processes designed to ensure that data can be recovered in the event of unexpected loss.
Actabl products employ a combination of annual, external (third-party) and internal penetration testing against applications and infrastructure to further test for security vulnerabilities. Current third-party penetration vendors include:
Actabl products utilize separate environments for development, testing/QA and production.
Actabl regularly performs security threat and risk assessments on critical information systems using an industry-standard risk assessment methodology.
Actabl incorporates reasonable human resources controls to ensure our people are accountable and equipped with the knowledge to keep customer data private and secure, including:
- Background Checks
- Security Awareness Training, including Phishing simulation
- Secure Coding Practices Training
- Role-based permissions and the principle of least privilege
- Quarterly User Access Reviews
- Multi-Factor Authentication (MFA) enforced wherever possible