Website: Operationalize.Business
Data Security
Access Monitoring
Operationalize.Business has enabled logging on all critical systems. Logs include failed/successful login attempts, application access, administrator changes, and system changes. Logs are ingested by our observability and Security Information and Event Management (SIEM) solution, which provides automated logging and alerting capabilities.
Backups Enabled
Operationalize.Business stores customer data using a combination of databases. We provide durable infrastructure designed for high durability of objects. Automated backups of all customer and system data are enabled, and data is backed up daily at a minimum. Backups are encrypted in the same manner as live production data and are monitored, with alerting enabled.
Data Erasure
Operationalize.Business customers are controllers of their data. Each customer is responsible for the information they create, use, store, process, and destroy. Customers can request data deletion or self-serve their own deletion when data is not subject to regulatory or legal retention requirements. For more information, please refer to our Privacy Policy and Data Processing Addendum.
Encryption at Rest
Customer data is encrypted at rest using strong encryption methods. Data is encrypted on Operationalize.Business’s internal networks and at rest in cloud storage, database tables, and backups.
Encryption in Transit
Data in transit is encrypted using secure protocols.
Physical Security
Operationalize.Business leverages third-party service providers for hosting our application and defers all data center physical security controls to them.
Application Security
Software Development Lifecycle (SDLC)
Operationalize.Business uses a defined SDLC to ensure that code is written securely. During the design phase, security threat modeling and secure design reviews are performed for new releases and updates. After code completion, we perform code audits, work with vendor companies or drive an internal penetration test, and conduct security scans. After launch, we host bug bounties and have a vulnerability management program to address severe security issues.
Credential Management
Operationalize.Business uses third-party Key Management Services (KMS) that automatically manage key generation, access control, secure storage, backup, and rotation of keys. Cryptographic keys are assigned based on least privilege access and are rotated yearly. Usage of keys is monitored and logged.
Web Application Firewall (WAF)
All public endpoints leverage a managed Web Application Firewall to deter attempts to exploit common vulnerabilities.
Security Profile
While Operationalize.Business handles the majority of data processing activities, we do engage third-party service providers for support in the following areas:
- Member Support
- Cloud Storage
- Payment Processing
- Data Analysis and Consulting
We ensure that each third-party service provider complies with our Privacy Policy and executes a legally binding agreement to maintain our standards of data protection and security.
Data Access Level
Operationalize.Business employees will only access your data for troubleshooting problems or recovering content on your behalf.
Hosting
Operationalize.Business is hosted on major cloud service providers.
Internal Assessments
Internal security audits are performed at least annually at Operationalize.Business.
Infrastructure
Anti-DDoS
Operationalize.Business leverages third-party applications for DDoS protection.
Data Center
Operationalize.Business is hosted by third-party service providers who handle physical security for data centers.
Infrastructure Security
Operationalize.Business’s infrastructure is hosted in a fully redundant, secured environment. Customer data is hosted by third-party service providers, which maintain reports, certifications, and third-party assessments to ensure best security practices.
Threat Detection
Operationalize.Business utilizes third-party endpoint protection software for dedicated threat detection. The endpoint software detects intrusions, malware, and malicious activities on endpoints, assisting in rapid response.