Information Security & Compliance
How Authenticx Protects Your Data
We built the foundation of our company and our platform on trust, security, compliance, and transparency. Authenticx has policies and procedures in place to ensure your information is kept safe and that your communications are secure. If you have additional questions about Authenticx security practices, please email helpdesk@authenticx.com or contact your account representative.
Access Management
Authentication: Authenticx requires multi-factor authentication for the internal services it uses.
Single Sign-On (SSO): Authenticx supports SSO that requires unique user IDs and passwords for each individual user.
Access Controls: Authenticx places every client in a separate tenant to enforce logical access controls and to limit data visibility according to the principle of least privilege.
User Provisioning: Authenticx uses Azure AD to create user identities and roles in the applications that users need access to.
Application Governance: Authenticx has policies in place for the use of cloud resources (storage and computing) and cloud services (APIs).
Audit Logging: Authenticx maintains logs of access, log-in attempts, changes, views, and deletions that occur in systems that contain sensitive data.
Quality Assurance
Personnel
Security Training: Authenticx provides and tracks security training for all new employees, in addition to annual re-training.
Background Checks: Authenticx performs background checks on all employees prior to employment.
Procedure Documentation: Authenticx has documented policies and procedures for risk management, security policies, incident management and other security programs.
Change Management Process
Procedure Documentation: Authenticx has change management procedures in place for both application and infrastructure level changes.
Emergency Fix or Release: Authenticx can push emergency releases and fixes in real time.
Implementation Process: Authenticx follows a thorough quality assurance process across both its staging and production deployments. We also have a process to roll back changes if any systems are inadvertently affected by recent updates.
Customer Notification: Authenticx has processes in place to notify customers in the event of any incidents that occur.
Data Resiliency
Data Back-Up: Authenticx utilizes Microsoft Azure with its continuous data backup defaults. Authenticx performs automatic backups every 24 hours for all customer and system resources, and the backups are encrypted in the same way as live production data.
Data Storage: We maintain the Authenticx environment within multiple Microsoft Azure data centers. If one data center experiences any outage or failure, a contingent data center will handle all traffic. By default, Azure provides durable infrastructure to store important data and is designed for durability of 99+% of objects.
Disaster Recovery: Authenticx tests our disaster recovery plans and backup restoration on an annual basis.
Data Protection
Azure Redundancy & Fail-over
Authenticx maintains protected backups of private data with geo-redundancy.
Purpose Limitations
Authenticx limits the processing of data to identified purposes.
Data Minimization
Authenticx has data limits and data minimization methods in place.
Application Security
Data Encryption: All data in the Authenticx platform is encrypted, using TLS 1.2 or greater for data in-transit and AES-256 encryption for data at-rest.
Host Application: Authenticx is hosted and operates entirely in Microsoft Azure. All data is stored across multiple data centers and processed in the United States. By hosting with Microsoft Azure, we benefit from infrastructure with SOC 2, ISO 27001, HITRUST, FedRAMP and other compliance certifications, in addition to native firewall and IDS protection.
External Penetration Tests: Authenticx runs regular penetration tests and vulnerability scans through third parties and utilizes tools within Azure for ongoing vulnerability monitoring.
Granular Permissions: Authenticx offers admin permissions within its platform along with access level controls, which allow for client-specific configurations of granular permissions.
Personal or Sensitive Information: Authenticx only collects the information needed to provide services. Authenticx maintains policies and procedures that limit the exposure, use, disclosure, and requests for any sensitive information. We do not resell any data.
Network Controls
Protected Secure Communication: Authenticx enforces HTTP Strict Transport Security (HSTS) on its website, so all client data flows exclusively over HTTPS.
Encrypted Communication: All communication is secured using TLS 1.2 or greater, is encrypted end-to-end, and is encrypted at rest using AES-256.
Private Networking Connection: Authenticx uses Azure virtual network service endpoint policies to provide strict, granular access control for virtual network traffic over service endpoint connections. Authenticx uses the native firewall capabilities within Azure for traffic into and within its Azure virtual network.
Authenticated Connection: Authenticx applies common access controls to all sessions and requires authentication for all connections. Single Sign-On (SSO), Bring-Your-Own-Key (BYOK), and platform-specific credentials are the available options for connecting to the Authenticx platform.
Compliance & Legal
SOC 2 Type I & II
HIPAA Compliant
General Data Protection Regulations (EU & UK)
California Consumer Privacy Act
PCI DSS Compliant
Continuous Compliance Monitoring