Security and Availability

Systems, controls, and processes to ensure exceptional data security and privacy

Data protection and continuous operations are important for the hundreds of security and compliance-minded companies using Sentieo today. We’ve incorporated established best practices and industry certifications into our platform and operations to develop a world-class data security and availability program that protects our internal operations while providing our customers with peace of mind.

Encrypted Data Transfer and Storage

Your data is protected in transit and at rest using a variety of industry-standard access controls and best practices, including:

  • Communication to our servers via HTTPS secure web protocol and following user-authenticated login
  • Authentication of user requests via one-way encryption against a secure database and named servers with specific access keys
  • Automatic encryption of all customer content using Advanced Encryption Standard (AES) 256
  • Encryption of database, search engine, and system drives that store user data

Secure Cloud Computing With AWS

All of our development, testing, and production environments, as well as our supporting infrastructure, live within the Amazon Web Services (AWS) cloud computing environment, featuring:

  • Climate-controlled independent cooling systems, uninterruptable power supply (UPS) and fire suppression
  • Video surveillance and dual-authentication barriers, including biometric scanners, of physical access to sensitive areas
  • 24/7 staffing by background check-cleared and trained security technicians
  • Server access that is protected by multi-factor authentication protocols, and identity access management using secure communication sessions over SSL/TLS

High Availability

Our commitment to continuous operations and high availability of the Sentieo platform extend well beyond the standards set by AWS for all of their customers. Additional controls we’ve put in place include:

  • Replication of our production data to redundant systems
  • Risk mitigation planning, including regular disaster recovery drills and penetration testing

Comprehensive Internal Controls and Processes

Our information security program and infrastructure design align with industry standards regarding security and risk management best practices, including:

  • Limited access to a user’s personal information
  • Security incident management
  • Change and configuration management
  • Adherence to the principle of least privilege for access control

Compliance With Global Security Standards

Sentieo is certified SOC 2, Type 1 compliant and adheres to global security standards for monitoring, testing, and auditing, ensuring our ability to protect customer security through:

  • Daily backups to support data restoration if needed
  • Emergency protocol procedures to respond to unplanned events
  • Ongoing information technology risk planning
  • Comprehensive staff training on information security
  • Regular penetration and vulnerability testing by third party experts
  • Constant monitoring for access anomaly detection and web service uptime for potential denial of service attacks