Security & Compliance
Information security, confidentiality, availability, processing integrity and privacy are vital to the business operations of our clients. As a SaaS provider we have to take exceptional measures to address these concerns. AltaSigma’s security architecture and practices encompass enhancements, learnings and insights from best-in-class SaaS providers. AltaSigma is committed to maintaining a safe and secure platform for our clients and business partners. AltaSigma has established an in-house information security and compliance responsibility that enhances the regulations that our IaaS providers, e.g. Amazon Web Services, provide. AltaSigma security policies and practices are designed to comply to the SOC 2 standards for service provider.
For more information see http://pcaobus.org/Standards/Attestation/Pages/AT101.aspx.
PHYSICAL SECURITY
AltaSigma does not store or process any of its clients’ data in its office locations, but rather in secure data centers (e.g. Open Telekom Cloud (OTC), Amazon Web Services (AWS)) that have been certified to meet industry security standards. For details of security standards please refer to the security information of the respective cloud provider.
CLOUD PLATFORM SECURITY
All AltaSigma clients are separated from the rest of the IaaS provider’s clients by being within an AltaSigma Virtual Private Cloud (VPC). Within the AltaSigma Virtual Private Cloud clients may share servers and compute nodes with other AltaSigma clients. Their data is never joined with other client’s data by virtue of the fact that they always get dedicated private data storages and private partitions in S3 buckets. AltaSigma relies on HTTPS with TLS encryption.
OPERATIONAL SECURITY
In addition to infrastructure and software security, there are other key aspects to securing a SaaS application that are operational in nature and deal with people, policies and physical assets. Access to the AltaSigma production environment is under strict control and limited to need-to-know. AltaSigma has strong policies and enforcement in place for Human Resources, Information Access, Security Incidents and Emergency Response. By strictly complying to the SOC 2 standards for service provider clients are reassured that AltaSigma complies with the highest standards in the SaaS world.