Information security, confidentiality, availability, processing integrity, and privacy are vital to the business operations of our customers. SaaS providers have taken extraordinary measures to address these concerns, and Numerify is no different. Numerify’s security architecture and practices incorporate learnings and insights from best-in-class SaaS providers. Numerify is committed to maintaining a safe and secure platform for our customers, business partners, and the broader Internet community. Numerify has developed an in-house information security and compliance function that complements the controls that our IaaS provider, Amazon Web Services, provides. Numerify security policies and practices are designed to adhere to the SOC2 standards for service providers.
Numerify does not host any customer data in its physical office locations, but rather in secure AWS data centers that have been certified to meet industry security standards. For details of AWS security, please refer to the AWS Security Site and review the AWS Security Whitepaper.
Cloud Platform Security
All Numerify customers are separated from other AWS customers through the use of our Numerify Virtual Private Cloud (VPC). Within the Numerify VPC, customers may share servers and compute nodes with other Numerify tenants. Tenant data is never commingled with other customers by virtue of the fact that tenants always get private databases and private partitions in S3 buckets. Numerify relies on HTTPS with SSL encryption. Since we don’t support use of HTTP for external interactions, all such web traffic is encrypted.
In addition to infrastructure and software security, there are other key aspects to securing a SaaS application that are operational in nature and deal with people, policies, and physical assets. Access to the Numerify production environment is under strict control and limited to a need-to-know basis. Numerify has strong policies and enforcement in place for Human Resources, Information Access, Security Incidents, and Emergency Response. With the successful completion of a SOC 2 Type II audit and certification, customers are reassured that Numerify complies with the highest standards in the SaaS world.
Numerify Compliance and Certifications
• Service Organization Control (SOC) 2 Report under SSAE 16 • Complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework