Security

Your data security is a top priority at CertifyIt. Your business documents contain information that only you, auditors and your clients need to see, and we intend to keep it that way. Every day we ensure that our security is parallel with industry standards and compliance.
Data Storage
CertifyIt stores data such as metadata, activity, original files and customer’s data in different locations while also compiling and generating documents when requested. All data in each location is encrypted at rest with AES-256 and sophisticated encryption keys management.
Servers and networking
All servers that run CertifyIt software in production are recent, continuously patched Linux systems. Additional hosted services that we utilize, such as Amazon RDS, S3 and others, are comprehensively hardened AWS infrastructure-as-a-service (IaaS) platforms.
GDPR compliance
CertifyIt recognizes that protecting privacy requires a holistic security program. We’ve completed extensive research and created a resources page with detailed information explaining what GDPR is and how CertifyIt is compliant.
Blockchain Data Storage
All the data of digital certificates is recorded into IBM’s Hyperleddger blockchain, namely: application for a quality service, standards and participants; milestones of a quality progect including deadlines and actual close date of each milestone, project statuses, attached documents, reports of auditors, comments.
Vulnerability testing
Web application security is evaluated by the development team in sync with the application release cycle. This vulnerability testing includes the use of commonly known web application security toolkits and scanners to identify application vulnerabilities before they are released into production.
System monitoring and alerting
At CertifyIt, the production application and underlying infrastructure components are monitored 24/7/365 days a year, by dedicated monitoring systems. Critical alerts generated by these systems are sent to 24/7/365 on-call DevOps team members and escalated appropriately to operations management.
Coding and testing practices
CertifyIt leverages industry standard programming techniques such as having a documented development and quality assurance processes, and also following guidelines such as the OWASP report, to ensure that the applications meet security standards.
Customer payment information
CertifyIt uses external secure third party payment processing and does not process, store, or transmit any payment card data.
Isolated environments
The production network segments are logically isolated from other Corporate, QA, and Development segments.

Get started with CertifyIt today

No credit card required
Menu