If personal data is stored/sent in Corporater SaaS, it will be encrypted at rest in the database backups and encrypted in transit (HTTPS) between the end user and AWS.
Physical Access Control
AWS provides physical data center access only to approved employees. All employees who need data center access must first apply for access and provide a valid business justification. These requests are granted based on the principle of least privilege, where requests must specify to which layer of the data center the individual needs access, and are time-bound.
Requests are reviewed and approved by authorized personnel, and access is revoked after the requested time expires. Once granted admittance, individuals are restricted to areas specified in their permissions.
Remote Access Control
The Corporater SaaS platform infrastructure and application layer are accessed remotely by the Corporater SaaS department, which is ISO 27001 certified. All employees who have access to Corporater SaaS use MFA and a secure VPN during all operations.
All processing of data in Corporater SaaS happens inside the customer's dedicated VPC, and all resources in it (application server and database) are used exclusively for one customer per VPC.
During upgrades, we offer a separate Sandbox/Test environment in the same VPC.
Data Transfer Control
All traffic between Corporater SaaS and the end user's web browser accessing the application is encrypted (HTTPS/SSL) using valid certificates. Any integrations are secured in a manner acceptable to the customer, for example with VPN tunnels or, if applicable, web-service endpoints on the customer's source system.
Data Entry Control
Access for either maintenance of the platform or configuration of the software is logged in its own audit logs. Maintenance of Corporater SaaS on the AWS platform is logged within AWS.
Access and modifications to the customer's configuration are logged within the Corporater platform and are available at all times to the customer's administrators.