Data Security and Technology

OfficeMaps is available either self-hosted on your own servers, or, cloud hosted by us, Radix Software.  This document provides information for cloud hosted OfficeMaps.

Radix Software manages a secure and scalable technology stack that is continuously monitored and patched to stay ahead of digital threats. Below is a summary of our policies and practices as they relate to compliance, privacy, and security.

Data Center Security and Certifications

OfficeMaps software is hosted in the AWS Cloud, powered by world leaders in data center management and security, Amazon Web Services. AWS maintain stringent security and data protection of the cloud environment and has numerous certifications. This includes SOC 1, SOC 2 and SOC 3 as well as ISO 27001, ISO 27017 and ISO 27018 certifications.  Learn more at https://aws.amazon.com/compliance/

Application Security

Traffic between customers and OfficeMaps is protected with highly secure in-transit encryption using secure TLS protocols and ciphers, along with 2048-bit encryption keys.

OfficeMaps is also protected from Distributed Denial of Service (DDoS) attacks with a state of the art managed protection service.

Data Security and Encryption

Customer data is encrypted in transit  to ensure end-to-end protection with the latest standards and protocols.  Databases are hosted in the AWS Relational Database Service and are not accessible externally.   All other data is encrypted at rest and protected from external access.

Radix Software’s developers and support staff do not have access to customer data.

Availability & Continuity

OfficeMaps is architected with an auto-scaling, high availability approach.  Incoming traffic is automatically distributed across servers and additional servers start automatically as load dictates, providing consistent performance and high-availability. Critical operational data is backed up automatically, and backups are tested to ensure integrity and recoverability.

All development and testing is conducted in a replica development/test environment and then released to production following a managed process.  Releases typically require no or minimal downtime.

PCI Compliance

Radix Software uses an industry-leading third party to process credit card transactions for customers who wish to pay by credit card. Radix Software does not store or possess any cardholder data relative to these transactions; this data is transmitted directly and securely to our upstream payment processor, a PCI-DSS Level 1 Service Provider.

Privacy

Radix Software is committed to protecting the privacy of our customers’ personal information. Please see our Privacy Policy for more information.

 

Date Of Last Update: 26 June 2017