Online Security for Your Sensitive Information on Snapdocs

Tristin Himes

Snapdocs takes data security seriously. One of the most important things we do for our clients is give them confidence in the safety of their data and the compliance of their workflow.

Data security and compliance are both active processes, involving everything from the encrypted transfer of documents to laptop-password policies. It is our job to stay current on the latest in consumer protection regulation and security technology and update our security measures accordingly.

Internally, we conduct rolling security reviews with top-to-bottom audits every 60 days. This has led to a complex, living policy curated and enforced by our CTO. The policy answers three questions: How do we keep a reliable infrastructure? How do we keep our data safe? And how do we make sure our employees practice good security hygiene?

For our infrastructure:

We run multiple web servers distributed across multiple facilities. This provides both improved response time and fault-tolerance. If a disaster strikes one center, others can be scaled up in moments.

We run a highly redundant database. It is kept in secure, firewall-protected storage. We maintain by-the-minute deltas, which means that if data were corrupted in some way, we can do point-in-time recovery.

At every point in the day, we have an engineer on-call. This means if disaster strikes in the middle of the night, we have someone ready to look at it.

We maintain extensive audit logs, both for server access and for API calls.

For the data itself:

End-to-end Encryption. Starting in the browser, Snapdocs uses SSL encryption (the same tools used by online banks) to protect the transmission of the data.

Our company (like all other cloud companies) makes use of various APIs to build our products. We demand that all our API connections are done over SSL as well. Moreover, we generate audit trails of all our API access. This means we can document the secure transmission of data between services.

At Snapdocs we handle a lot of documents. All of those are encrypted prior to storage. Access to these documents is also audited.

Sensitive data (such as social security numbers) is further encrypted with a key that is stored separately from our data. That means that even if a malicious actor were to gain access to our data, the integrity of it is still ensured.

And in terms of our employees:

We only give our most senior engineers access to our production environment. This limits the surface area of our potential risk. All engineers with this level of access are required to use two-factor authentication.

All employees use password-protected laptops which are stored at night in a secure location.

Employees are given access to our information security policy and are responsible for reviewing it when policies change.

And what does this do for your company?

Snapdocs moves its clients away from email. Sending documents over email is most definitely NOT secure and NOT compliant. By using Snapdocs, our clients immediately have a better system.

Snapdocs provides audit trails. If you wish to know who has seen the information within a specific order, we can provide this to you. This is key to running a compliant company.

In Conclusion

We are dedicated to continuous investment in building and maintaining data security for our customers. Building a secure and compliant organization is a process that needs to live and evolve over time, and we’re investing our resources in making sure we always stay ahead of the curve.
