Security statement

Application and User Security

  • SSL/TLS Encryption: All communications with the minapsys.com website are sent over SSL/TLS connections. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) technology (the successor technology to SSL) protect communications by using both server authentication and data encryption. This ensures that user data in transit is safe, secure, and available only to intended recipients.

  • User Authentication: User data on our database is logically segregated by account-based access rules. User accounts have unique usernames and passwords. Minapsys issues a session cookie only to establish specific sessions. The session cookie does not include the password of the user.

  • User Passwords: User application passwords have minimum complexity requirements. Passwords are individually salted and hashed.

  • Data Encryption: All data in our database is stored in encrypted format.

  • Privacy: We have a comprehensive privacy policy that provides a very transparent view of how we handle your data, including how we use your data, who we share it with, and how long we retain it.

 

Physical Security

  • Data Centers: Our information systems infrastructure (servers, networking equipment, etc.) is collocated at third-party data centers.

  • Data Center Security: Our data centers are staffed and surveilled 24/7. Access is secured by security guards, visitor logs, and entry requirements such as passcards, biometric recognition, and man-traps. Our equipment is kept in locked cages and any visitors are escorted.

  • Environment Controls: Our data center is maintained at controlled temperatures and humidity ranges which are continuously monitored for variations. Smoke and fire detection and response systems are in place.

  • Location: All user data is stored on servers located in the United States, Europe and Asia.

 

Availability

  • Connectivity: Fully redundant IP network connections with multiple independent connections to a range of Tier 1 Internet access providers.

  • Uptime: Continuous uptime monitoring, with immediate escalation to Minapsys staff for any downtime.

  • Failover: All our application and duplicated with automatic load balancing and health monitoring.

 

Network Security

  • Uptime: Continuous uptime monitoring, with immediate escalation to Minapsys staff for any downtime.

  • Testing: System functionality and design changes are verified in an isolated test “sandbox” environment and subject to functional and security testing prior to deployment to active production systems.

  • Firewall: Firewall restricts access to all ports except 80 (http) and 443 (https).

  • Intrusion Detection/Intrusion Prevention: Intrusion detection systems and intrusion prevention systems detect, mitigate and/or prevent interference or access from outside intruders.

  • Access Control: Secure VPN access from allowed hosts only, with authentication and role-based permissions for authorized engineering staff.

 

Storage Security

  • Backup Frequency: Backups occur hourly internally, and daily to a centralized backup system.

 

Organizational & Administrative Security

  • Employee Screening: We perform background screenings on all employees. Only the most trusted individuals are hired as developers.

  • Access: Access controls to sensitive data in our databases, systems and environments are set on a need-to-know / least privilege necessary basis.

  • Audit Logging: We maintain and monitor audit logs on our services and systems.

 

Development Practices

  • Coding Practices: Our engineers use best practices and industry-standard secure coding guidelines to ensure secure coding.

 

Handling of Security Breaches
Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if Minapsys learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Notification procedures include providing email notices or posting a notice on our website if a breach occurs.

 

Your Responsibilities
Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems, to keep any data you download to your own computer away from prying eyes. We offer SSL to secure the transmission of session responses.

 

Custom Requests
Due to the number of customers that use our service, specific security questions or custom security forms can only be addressed for customers purchasing a certain volume of user accounts within a Minapsys Enterprise subscription. If your company has a large number of potential or existing users and is interested in exploring such arrangements, please contact us.

 

This policy is effective from March 24, 2014.