Website: Operationalize.Business
Data Security
Access Monitoring
Operationalize.Business has enabled logging on all critical systems. Logs include failed/successful login attempts, application access, administrator changes, and system changes. Logs are ingested by our observability and Security Incident and Event Management (SIEM) solution for log ingestion and automated logging/alerting capabilities.
Backups Enabled
Operationalize.Business stores customer data using a combination of databases. We provide durable infrastructure designed for high durability of objects. Automated backups of all customer and system data are enabled, and data is backed up daily at a minimum. Backups are encrypted in the same manner as live production data and are monitored and alerted.
Data Erasure
Operationalize.Business customers are controllers of their data. Each customer is responsible for the information they create, use, store, process, and destroy. Customers can request data deletion or self-serve their own deletion when data is not subject to regulatory or legal retention requirements. For more information, please refer to our Privacy Policy and Data Processing Addendum.
Encryption at Rest
Customer data is encrypted at rest using strong encryption methods. Data is encrypted when on Operationalize.Business's internal networks, at rest in cloud storage, database tables, and backups.
Encryption in Transit
Data sent in-transit is encrypted using secure protocols.
Physical Security
Operationalize.Business leverages third-party service providers for hosting our application and defers all data center physical security controls to them.
Application Security
Software Development Lifecycle (SDLC)
Operationalize.Business uses a defined SDLC to ensure that code is written securely. During the design phase, security threat modeling and secure design reviews are performed for new releases and updates. After code completion, we perform code audits, work with vendor companies or drive an internal penetration test, and conduct security scans. After launch, we host bug bounties and have a vulnerability management program to address severe security issues.
Credential Management
Operationalize.Business uses third-party Key Management Services (KMS) that automatically manage key generation, access control, secure storage, backup, and rotation of keys. Cryptographic keys are assigned based on least privilege access and are rotated yearly. Usage of keys is monitored and logged.
Web Application Firewall (WAF)
All public endpoints leverage a managed Web Application Firewall to deter attempts to exploit common vulnerabilities.
Security Profile
While Operationalize.Business handles the majority of data processing activities, we do engage third-party service providers for support in the following areas:
- Member Support
- Cloud Storage
- Payment Processing
- Data Analysis and Consulting
We ensure that each third-party service provider complies with our Privacy Policy and executes a legally binding agreement to maintain our standards of data protection and security.
Data Access Level
Operationalize.Business employees will only access your data for troubleshooting problems or recovering content on your behalf.
Hosting
Operationalize.Business is hosted on major cloud service providers.
Internal Assessments
Internal security audits are performed at least annually at Operationalize.Business.
Infrastructure
Anti-DDoS
Operationalize.Business leverages third-party applications for DDoS protection.
Data Center
Operationalize.Business is hosted by third-party service providers who handle physical security for data centers.
Infrastructure Security
Operationalize.Business's infrastructure is hosted in a fully redundant, secured environment. Customer data is hosted by third-party service providers, which maintain reports, certifications, and third-party assessments to ensure best security practices.
Threat Detection
Operationalize.Business utilizes third-party endpoint protection software for dedicated threat detection. The endpoint software detects intrusions, malware, and malicious activities on endpoints, assisting in rapid response.