Security and Compliance

Your stuff is in the right hands. Find all about our security and compliance policies here.

Network & Infrastructure Security

Hosting

ProdPad is hosted on Amazon Web Service (“AWS”) in the EU (Ireland) region. Full details on the AWS security measures can be found here https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Whitepaper.pdf

If you are interested in hosting on another cloud provider or on-premise, get in touch with sales@prodpad.com.

Physical Security

For full details of AWS physical security see https://aws.amazon.com/compliance/data-center/data-centers/

Encryption

All data is encrypted in transit both within the ProdPad network and between you and the application using TLS/SSL. The encryption is based on RSA 256 bit keys with perfect forward secrecy using EDCA.

Infrastructure Scans

Weekly infrastructure vulnerability and configuration scans are conducted using a variety of services. Any identified issues are addressed based on the risk rating produced by the scans.

Firewalls

Firewalls exist at both the network layer via virtual private cloud (“VPC”) and on each host. The VPC serves to isolate ProdPad servers from the rest of the AWS network. The infrastructure within the VPC can only be accessed via Application Load Balancers (“ALB”).

AWS Security Groups (“AWS SG”) and VPC Access Control Lists (“VPC ALC”) provide both inbound, outbound and internal content policies.

Intrusion Detection (network & host)

Intrusion detection systems operate on each host and at the network/infrastructure level.

Audit Log

All network traffic, infrastructure actions and performance is logged and available for audit, security and compliance purposes. Various alerts are set up on the logging in order to provide early response to incidents.

Comments