We get a lot of questions about data and data security. We believe that complete transparency around our approach benefits our clients and prospects, so we want to share a little about that in this post. We will periodically update this post as things evolve, so feel free to check back.
Our Data Centers
When client data is stored on the EVX Software cloud, it is physically stored in a highly-specialized, third-party data center that is specially equipped to host servers, storage and networking equipment. Each possesses many security measures to control access as well as contingency measures to ensure a continuous supply of power and redundant network access. They also employ preventive measures to block intrusion attempts, cope with fires, earthquakes, and other acts of nature or vandalism that could affect a system server.
The EVX Software team uses only data center providers that meet our security standards, including physical security, network security and redundancy. Each data center has a 24 x 7 x 365 system monitoring plus redundant energy, fire prevention and additional hardware security systems. Physical access is limited by several security and surveillance measures to ensure only authorized personnel can access the systems. The providers we use are among the largest and most recognized in the world.
We disclose the provider and location of the data center used to house specific client information only at the request of a client. We can generally accommodate requests to use different facilities based on our client’s needs.
Technical Security Measures
EVX Software owns and manages its own proprietary security controls, firewalls, antivirus and monitoring systems to ensure 24 x 7 x 365 hardware and software support and control of all data and systems. ensuring detection and alerts over suspicious activity.
We maintain all hardware and ensure each is up to date with the latest versions of software and firmware. When new new software is made available by third-party software or hardware providers, especially those that address security vulnerabilities, we have processes in place to ensure rapid deployment of that software and firmware.
All hardware used for EVX Software clients is dedicated to their use. We do not share our hardware with any other service providers or leverage any virtual of infrastructure-as-a -service platforms to ensure data security.
Access to EVX Software’s servers is restricted by a dual password system. No EVX Software employee has the ability to access servers without the additional approval of an authorized colleague.
All data and information that is accessed in our data centers is done via standard HTTPS encryption via a web browser.
How, where and how often is the data backed up?
Backups are performed using state-of-the-art technology and are conducted in real time. Backups include a copy of the database as well as a copy of the file-system files, so data integrity is safeguarded in case of hardware or software failure.
Backups are performed to a separate server in a separate geographic location from the primary server. This protects the data from large-scale disasters that impact the primary data center (fires, earthquakes, armed attacks, etc.). For further data assurance, a weekly backup of each server is made and kept at a third geographic location.
All clients have, at their disposition, a copy of their system, which can be downloaded free of charge once a month; or more often should the client contract a higher frequency service.
Legal and process measures to ensure data confidentiality
EVX Software takes uses all reasonable legal measures to ensure client data is protected and confidential. The EVX Software Terms of Service clearly state that EVX Software does not own and has no rights over the customer’s data that is stored on its servers.
EVX Software takes all necessary actions to ensure compliance with the European Parliament General Data Protection Regulation (EU 2016/679, aka GDPR).
All personal information that EVX Software collects is either entered directly and with the consent of the person, or is publicly available, published and shared with the consent of the person.
For the purposes of this regulation, the appointed controller, processor, and data protection officer is Mr. Conrado Viña. All GDPR related concerns, compliance requests, rectification, and data removal requests shall be directed at firstname.lastname@example.org
Every EVX Software employee signs a Non-Disclosure Agreement with an obligation to respect and protect client’s data confidentiality.
In addition, no EVX Software employee is allowed to access a client database or file system, unless it is required for a specific and authorized system support task. In every case, the explicit authorization of the client is required.
Data centers used by EVX Software have security and confidentiality policies that are as strict or stricter than our policies. This means that data center employees have legal and technical restrictions that impede them from accessing the servers. EVX Software will keep strict secrecy and will not reveal nor concede client data stored within their EVX Software systems to third parties, neither during nor after the length of its contracts.
All data provided to EVX Software, either by clients or potential clients, will not be shared in any way unless the client or an authorized representative of the client makes an explicit request. Client data will be solely used for the provision, support, administration, and delivery of EVX Software products and services deliver.
Additionally, EVX Software offers the client the possibility to select the country of their Data Center, and an On-Premise (Feng Onsite) service, allowing the client to choose where to install and host its information.
System level permissions
Each of our clients wants to ensure that even those users they have granted access to the system are often limited in terms of what they can access. As a result, we have developed a very robust and granular permission system. The client defines permissions in the system directly, managing users permissions and rights. It is ultimately the client’s responsibility to determine who accesses and uses the information, but we’ve provided a very flexible system to manage that effectively.
All EVX Software access is done at a user level and protected by a password. EVX Software optionally provides an advanced password policy system.
We can also provide access control by IP address if the client requests for an additional level of security.If you have any further questions regarding our security policies or processes, please contact sales or your client success manager.