Hosting and Physical Security
Scopum utilizes ISO 27001 and FISMA certified data centers managed by Amazon. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state-of-the-art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
Amazon only provides data center access and information to employees who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical and electronic access to data centers by Amazon employees is logged and audited routinely.
For additional information see: https://aws.amazon.com/security
Compliance and Privacy
To keep your data secure and private, Scopum stores customers' private data encrypted with AES-256. Encryption keys are unique to every customer; Scopum employees do not have access to them and therefore cannot decrypt customers' data. Only top-level administrators have administrative access to Scopum's virtual machines.
Scopum complies with the European Union's General Data Protection Regulation (GDPR).
Scopum complies with HIPAA requirements for Protected Health Information (PHI), and we are ready to sign a Business Associate Agreement (BAA) with customers who are subject to HIPAA mandates.
Scopum is PCI DSS-compliant. We have selected the payment technology company Stripe for our credit card processing needs. With Stripe, no cardholder data is ever stored or processed on Scopum's servers: all payment data and transaction processing is delegated to Stripe, which is how Scopum keeps cardholder data out of its own systems for PCI DSS purposes. Stripe is certified to the highest industry standards, including PCI DSS Level 1, and to other rigorous standards across the globe.
Scopum's infrastructure is hosted and managed within Amazon's secure data centers on Amazon Web Services (AWS). Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon's data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI DSS Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
Retention of User Data
Users' private data stored by Scopum is encrypted at rest using AES-256, one of the strongest ciphers available.
Scopum stores the following customers’ data:
- Synchronization logs - When a data sync fails to transfer some records, Scopum stores per-record error logs, and these logs may contain some customer data. For certain integration kinds and data sources Scopum also stores per-record logs of successfully loaded records. These logs are not kept forever: old logs are deleted periodically, and you can also delete old logs manually.
- Connection parameters - To maintain integrations, Scopum stores the necessary connection parameters for your data sources. Credentials are stored encrypted using AES 256-bit encryption.
- Connection metadata - Scopum stores the names and types of objects and fields in customers' data sources in order to display them in its user interface. This is the only part of customers' data visible to our employees, who may access it to provide better assistance with customers' specific use cases.
- Temporary cache - Occasionally, when running integrations, Scopum may cache some customer data. This cache exists only while the operation is running and is deleted immediately after it finishes.
If a customer decides to stop using Scopum and to delete their account and all connected data, they can do so in their profile. After confirmation, we delete the account and all related data.
Scopum runs inside an Amazon Virtual Private Cloud (VPC) on the AWS platform. All virtual machines on which Scopum runs are protected by firewall and routing rules, and only the ports required for Scopum to function are open.
Scopum can be accessed only via HTTPS. All customer data is encrypted in transit using TLS, with cipher suites whose keys are at least 128 bits long. All interactions between our interface and our APIs are also encrypted.
For all data sources that support OAuth, Scopum uses OAuth connections by default. This means that you do not need to give Scopum your data source credentials, and they are not stored on our servers; you can revoke Scopum's OAuth access to your data at any time. The OAuth tokens themselves grant access to your data, so they are stored encrypted on Scopum.
For data sources that do not support OAuth, credentials are stored in encrypted form on our servers in the AWS cloud. Our employees do not have access to customers' connection strings, for both OAuth- and credential-based connections.
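The claims above (per-customer keys, credentials encrypted at rest, staff unable to decrypt them) are usually implemented as envelope encryption: a root key that never leaves a KMS or HSM wraps one data encryption key (DEK) per customer, and each stored secret is encrypted under that customer's DEK with AES-256-GCM. The following Go program is an added example written for this page, not Scopum's code; the in-process `rootKeyService` is a hypothetical stand-in for a real KMS, and the customer IDs, field names and the secret `hunter2` are constructed sample inputs. Putting the customer ID and field name into the GCM associated data means a ciphertext lifted from one customer's row, or from another column, fails authentication instead of decrypting.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// mustGCM builds AES-GCM; a 32-byte key selects AES-256. A failure here is a
// programming error (wrong key length), so it is treated as fatal.
func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return aead
}

func mustRandom(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // without secure randomness there is no safe key or nonce
	}
	return b
}

// gcmSeal prepends a fresh random nonce; aad is authenticated, not encrypted.
func gcmSeal(aead cipher.AEAD, plaintext, aad []byte) []byte {
	nonce := mustRandom(aead.NonceSize())
	return aead.Seal(nonce, nonce, plaintext, aad)
}

func gcmOpen(aead cipher.AEAD, sealed, aad []byte) ([]byte, error) {
	ns := aead.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, sealed[:ns], sealed[ns:], aad)
}

// rootKeyService stands in for a KMS/HSM that holds the root key and performs
// wrap/unwrap without ever releasing it (hypothetical; simulated in-process).
type rootKeyService struct{ aead cipher.AEAD }

func newRootKeyService() *rootKeyService {
	return &rootKeyService{aead: mustGCM(mustRandom(32))}
}

// WrapDEK/UnwrapDEK bind the wrapped key to its customer ID through the AAD.
func (r *rootKeyService) WrapDEK(customerID string, dek []byte) []byte {
	return gcmSeal(r.aead, dek, []byte("dek:"+customerID))
}

func (r *rootKeyService) UnwrapDEK(customerID string, wrapped []byte) ([]byte, error) {
	return gcmOpen(r.aead, wrapped, []byte("dek:"+customerID))
}

// CustomerRecord is what the application database holds per customer: the
// wrapped DEK only, never the plaintext DEK.
type CustomerRecord struct {
	ID         string
	WrappedDEK []byte
}

func NewCustomer(kms *rootKeyService, id string) *CustomerRecord {
	return &CustomerRecord{ID: id, WrappedDEK: kms.WrapDEK(id, mustRandom(32))}
}

// customerAEAD unwraps the customer's DEK into an AES-256-GCM instance.
func customerAEAD(kms *rootKeyService, c *CustomerRecord) (cipher.AEAD, error) {
	dek, err := kms.UnwrapDEK(c.ID, c.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return mustGCM(dek), nil
}

// EncryptSecret/DecryptSecret protect one stored field (e.g. a connection
// string); customer ID and field name in the AAD stop a ciphertext from being
// replayed into another customer's row or another column.
func EncryptSecret(kms *rootKeyService, c *CustomerRecord, field string, plaintext []byte) ([]byte, error) {
	aead, err := customerAEAD(kms, c)
	if err != nil {
		return nil, err
	}
	return gcmSeal(aead, plaintext, []byte(c.ID+"/"+field)), nil
}

func DecryptSecret(kms *rootKeyService, c *CustomerRecord, field string, sealed []byte) ([]byte, error) {
	aead, err := customerAEAD(kms, c)
	if err != nil {
		return nil, err
	}
	return gcmOpen(aead, sealed, []byte(c.ID+"/"+field))
}
```

To exercise it, create two customers with `NewCustomer`, encrypt a secret for the first with `EncryptSecret(kms, a, "db_password", []byte("hunter2"))`, and try `DecryptSecret` with the second customer's record or a different field name: only the original customer and field combination opens the ciphertext. In a real deployment the wrap and unwrap calls go to the KMS, so application hosts (and the staff who administer them) handle DEKs only transiently in memory and never see the root key.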
Scopum allows signing in by creating an account with an email address and password. Scopum uses a strong password hashing function; passwords themselves are never stored on Scopum servers, only their secure hashes.
Scopum is developed with a security-first mindset and follows established secure coding practices and standards. Scopum developers are experienced in and trained for secure coding, and Scopum's code includes measures for minimizing and mitigating security risks and breaches. The Scopum team regularly runs automated security tests and vulnerability checks.
Last Revised: June 24, 2019