Assuring the confidentiality of data that your customers trust you with is one of your core operational imperatives. When handling this data for you, our top priority is to deliver a high performance service where the safety of customer data is at the forefront of all decisions we make.
Our service provider’s state of the art data centers are externally audited to A SSAE 16 SOC 1 Type I standard. 24x7x365 on site staff combined with biometric security and round-the-clock surveillance monitoring maintain protection against unauthorized entry and security breaches.
All your data is immediately written to disk and backed up in multiple locations. Our core mySQL datastores are replicated to additional datacenters run by different providers in both the US and the EU for extreme redundancy in the unlikely event of a multi-datacenter failure. We also retain daily backups of all databases. Attachments are stored in Amazon S3 which includes high availability backup as well as on our own backup servers.
Should you leave the DeskPRO service; we maintain backups of your accounts for 60 days; after which your data is completely deleted from all our systems.
To find out more about how to secure your DeskPRO On-Premise installation, see our security recommendations in the Sysadmin Manual.
We use a number of services including pingdom and serverdensity to monitor our servers performance. Pingdom reports our uptime as 99.97% for the last 12 months at the time of writing (Feb 2017).
Our datacenters in the United States are Safe Harbor compliant.
DeskPRO does not store your credit card data; we use SagePay to provide billing services. Your credit card data does momentarily pass through our servers and for this reason we are verified as Payment Card Industry Data Security Standard (PCI DSS) compliant. This compliance is handled by Security Metrics and includes a self-questionnaire and quarterly security scan of our servers.
Our responsible disclosure policy can be found here. We wish to thank the following security researchers: