Difference between revisions of "FAQ:Data and Security"
| Line 15: | Line 15: | ||
==Is the data encrypted and secure both in motion and at rest?== | ==Is the data encrypted and secure both in motion and at rest?== | ||
| − | + | Data is encrypted where possible\practical but remains secure at all times (Even though full disk encryption is not enabled, choice of data centre\infrastructure\product architecture\processes and ethos ensure that data is secure). All backups are fully encrypted and specific fields are encrypted at rest. Full at rest encryption, of the database, is not practical as it prevents searching or other data functions. All data in motion is encrypted either via HTTPS\SSL or other means. | |
==Does Hornbill regularly undertake penetration testing against the service?== | ==Does Hornbill regularly undertake penetration testing against the service?== | ||
Revision as of 07:27, 4 December 2015
What If I need a copy of my data what is involved, and how frequently can I get hold of it?
Firstly it's your data so by definition you are entitled to ask for a copy. Should you need a copy all you need to do is provide Hornbill with notice that you require this, typically no less than 14 days notice is required, and we will make available a copy of your data. Hornbill will provide a copy of your data by request once every 90 days at no additional cost.
Should you require a scheduled push of your data we offer an optional service called "Hornbill Data Assurity" where we proactively archive and deliver a complete copy of your customer data to a cloud service of your choosing that you control (Amazon S3 for example) on a scheduled regular basis, typically once a month.
Who is entitled to ask for a copy of my data to be provided?
Only the named Account Authority for your instance can make a request for a copy of your customer data to the Hornbill Cloud team. Any other requests will be referred back to the named Account Authority.
My security team have asked to know where the data is held?
All data is held in the geographical legal entity associated with the instance. Therefore if your instance is in Europe your data remains in Europe, if your instance is in North America your data remains in North America.
Is the data encrypted and secure both in motion and at rest?
Data is encrypted where possible\practical but remains secure at all times (Even though full disk encryption is not enabled, choice of data centre\infrastructure\product architecture\processes and ethos ensure that data is secure). All backups are fully encrypted and specific fields are encrypted at rest. Full at rest encryption, of the database, is not practical as it prevents searching or other data functions. All data in motion is encrypted either via HTTPS\SSL or other means.
Does Hornbill regularly undertake penetration testing against the service?
Answer....
Under Data Protection legislation, my legal team want to know who will have access to the data?
Answer....
How much storage do I get on my Hornbill instance, and what happens if I need more?
By default your instance is automatically provisioned with 30GB of Storage. Additional storage is available should you require it and is charged at £0.20 per GB.
How long does Hornbill retain the data for if we cancel our subscription?
In the event you choose to terminate your agreement Hornbill will retain your customer Data for a period of 30 Days from the Date of Termination. We will of course provide you with a copy of this data upon request in an industry standard machine readable format.
Does Hornbill perform background checks on personnel with administrative access to servers, applications and customer data?
Answer...
What measures are in place for Data Transfer Security?
Answer...