These FAQs are designed to provide a better understanding of our security parameters, our review and update processes, and our legal and technical tools.
What security parameters are in place for protecting our data in the cloud?
- The Google Cloud Platform is accredited to SSAE 16 Type II, ISAE 3402 Type II and ISO 27001:2005 standards.
- The Amazon Web Service is accredited to SSAE 16 Type II, ISAE 3402 Type II and ISO 27001:2005 standards.
- SafetyCulture does not store or cache financial data used in conjunction with automated client billing through the SafetyCloud platform.
- Financial data storage and processing is performed by Web Active Corporation trading as eWAY and is encrypted using technologies provided by Ingrian Networks and Thales e-Security, Inc. Data transmission is secured through industry standard SSL/TLS encryption.
- eWay is compliant with the Payment Card Industry Data Security Standard (PCI DSS) 2.0.
- SafetyCloud utilizes Hypertext Transfer Protocol (HTTP) and SPDY, both using standard encryption technologies, for all client communications. Content is served directly from a single Virtual IP (VIP) address using the SafetyCloud SSL Certificate by SafetyCloud’s application servers or through the SafetyCloud Static CDN.
- SafetyCloud employs Secure Socket Layer (SSL) or Transport Layer Security (TLS), where available, on both HTTP and SPDY connections. The use of either SSL or TLS is mandatory for all content-serving connections; however, some insecure connections are accepted to allow the server to redirect the connecting client to the secure equivalent.
Do you review security at each phase of the software development lifecycle?
Yes, we have integrated reviews into our product development lifecycle, from requirements definition to code development and testing.
What methods do you use to inform customers of vulnerabilities?
- Registered customers have vulnerability information disclosed to them immediately, even before a patch is ready.
- Customers can receive information via e-mail, social media outlets (Facebook, Twitter), website or whatever, and all vulnerabilities are also posted to our customer Web portal.
How frequent are updates and patches?
We issue regularly and fully tested patches to our products, to address issues and introduce new features, as frequent as once a week.
What are the terms and period of your security support agreement?
We ensure that all critical security defects will be fixed within one month of discovery.
Are there any ULA agreements required to be signed by users to download the software?
- iAuditor is covered by a Standard EULA as provided by Apple.
- SafetyCulture users are required to agree to terms and conditions before creating an account. Similarly customers agree to the same terms and conditions on creation of a company.
Are there any established SLA’s?
- There are SLA's on the terms and conditions that cover SafetyCulture, this agreement can be viewed here.
- We don’t offer any SLA's for support, we do however pride ourselves on prompt support of all our products. Our support team spans multiple time zones covering 24 hours of the day during the week and a minimum of 4 hours per weekend.
- Support is accessible via the ticket request system, by e-mail firstname.lastname@example.org or via the phone at one the following numbers:
- (US) 1-816-717-1343
- (AU) 1300 603 604
- (INT) 61 7 4408 8208
Is there support documentation for users?
Yes, support documentation is available here and within the app. We also provide a extensive knowledge base and some great guides and tutorials to get you started on our support site.