Accredible works hard to ensure that your data is securely protected and reliably available.
This page describes a number of our information & operational security practices & processes to enable you to understand how we protect your data.
Certifications and Assessments
Accredible is SOC2 Type 2 certified. We receive and review our data hosting providers’ SOC2 reports every 12 months under NDA. Our data center providers maintain ISO 27001, SOC2 Type II, and many other certifications.
Vulnerability Detection and Penetration Testing
Automated scans of Accredible's production websites are performed at least every 7 days. All changes are peer-reviewed, and vulnerability and security lists are actively monitored for CVE and other vulnerability disclosures with appropriate actions.
Annual black-box penetration tests are carried out upon Accredible web properties and APIs by a reputable third party.
Data Centers and Location
Accredible production services are hosted on Amazon Web Services (“AWS”) platform. The physical servers are located in AWS’s data centers. As of this date, AWS (i) has certifications for compliance with ISO/IEC 27001:2013, 27017:2015, and 27018:2014, (ii) is certified as a PCI DSS 3.2 Level 1 Service Provider, and (iii) undergoes SOC 1, SOC 2, and SOC 3 audits (with semi-annual reports).
Accredible has two regions, by default all user data is stored within the US region (US East - N. Virginia) of AWS by default and Google Cloud Storage ("GCS").
Accredible has an EU region which you may opt-in to using upon account creation, which stores your data in the EU region (Frankfurt).
User content can also be found in Accredible's backups, stored in AWS EC2, S3, Glacier, and GCS, specific to the chosen region.
We maintain separate and distinct production, staging, and development environments.
To access Accredible's production environment, authorized and trained members of Accredible's support team and select Engineering team members (“Authorized Personnel”) authenticate to the VPN using unique, strong passwords and 2FA and then only access the production environment via ssh terminal connections using RSA certificates. For Authorized Personnel, any workstations running Windows or macOS must be running current and active anti-virus software. Those members are also trained not to replicate non-public user data stored in Accredible's production environment onto their workstations or mobile devices.
AWS Network ACL and Security Groups are used to restrict access to Accredible's systems as appropriate to their role. Active monitoring of these security rules is in place, with alerting mechanisms in place for any changes to the configuration. Public access is restricted to ports 443 and 80 on the network load balancers for public traffic.
All user data stored in Accredible is protected under our obligations in our Terms of Service & DPA. Access to such data by Authorized Personnel is based on the principle of least privilege. Only Authorized Personnel have direct access to Accredible's production systems.
Accredible maintains a list of Authorized Personnel with access to the production environment. These members undergo criminal background checks and are approved by Accredible's Engineering management. Accredible also maintains a list of personnel who are permitted to access Accredible code and the development and staging environments. These lists are reviewed at least annually and upon role change.
Trained members of the Accredible customer support teams also have case-specific, limited access to user data stored in Accredible through restricted access customer support tools.
Upon role change or leaving the company, the production credentials of Authorized Personnel are deactivated, and their sessions are forcibly logged out. Thereafter, all such accounts are removed or changed.
User data entered on public credentials or included in public profile information may be viewed or accessed by anyone.
We require mandatory visitor check-in with the building security team. CCTV covers entry and exit points 24/7, with logs made available to us internally.
Accredible's production services are hosted on Amazon Web Services (“AWS”) platform. The physical servers are located in AWS’ secure data centers. We require that production critical data is never stored by privileged access to physical media outside of our data hosting provider's production environments.
Corporate Environment and Removable Media
Strict firewall rules prohibit access to necessary ports for the usage of Accredible (e.g., 443) to help ensure limited access to the production environment to our VPN network and authorized systems. Our corporate network has no additional access to the production environment, with Authorized Personnel required to connect to the VPN to access any special systems or environments.
Authorized Personnel with access to Accredible's production environment is trained as noted above. We have a clean desk policy, and employees are trained to lock workstations at any time they are not in use.
Accredible uses industry-standard Transport Layer Security (“TLS”) to create a secure connection using 128-bit Advanced Encryption Standard (“AES”) encryption. This includes all data sent between the web properties apps and the Accredible servers. There is no non-TLS option for connecting to Accredible. All connections are made securely over HTTPS.
Data drives on servers holding user data use full disk, industry-standard AES encryption with a unique encryption key for each server. The encryption, key management, and decryption process are inspected and verified internally by Amazon regularly as part of their existing audit process. All Accredible backups are encrypted with AES encryption.
Encryption keys for Accredible are managed by Amazon where possible. The encryption, key management, and decryption process are inspected and verified internally by Amazon regularly as part of their existing audit process. Encryption keys for Accredible managed by our team are rotated upon relevant changes of roles or employment status. Encryption keys managed by our team are stored using 1Password.
Data Deletion - Termination of Agreement
Upon termination of an agreement with Accredible, if requested by the customer's administrator, the content stored by Accredible on behalf of the customer can be removed. Upon processing such a request, Accredible will remove the data within 30 days. The team’s data will remain in encrypted Accredible database backups until those backups fall out of the backup retention window and are destroyed per our data retention policy. If a database restore is necessary within 90 days of requested data deletion, we will re-delete the data as soon as reasonably possible after the live production system is fully restored. If such a request is processed, all existing credentials will no longer function and are available for users.
Data Deletion - User Request
If a credential recipient asks us to remove the data that we have about them via a request to firstname.lastname@example.org, we will contact the issuer of these credentials first. Under GDPR regulations, Accredible is a 'Data Processor,' meaning that we are processing data on behalf of the issuer and must follow their instruction.
Once your issuer has deleted all credentials related to you, we process 'Right to be Forgotten' requests within 30 working days.
Development, Patch, and Configuration Management
All changes to the Accredible production system, be they code or system configuration changes, require review before deployment to the production environment. Thousands of automated unit tests are run against all production code before deployment. Production code is also subject to regularly conducted automated vulnerability scans. All changes to Accredible's code are tested in a staging environment before deployment to production. Patches to the Accredible web properties are deployed on a rolling basis, usually several times per week. All Accredible system changes are peer-reviewed, and patches are deployed as relevant to their level of security and stability impact, with critical patches able to be deployed well within 24 hours of availability as appropriate.
We restrict access as noted above and maintain separate lists of relevant roles with access to source code, development, staging, and production environments. These lists are reviewed quarterly and upon role change. We use source code management tools and repositories.
All production servers run an LTS (Long Term Support) distribution of their operating system to ensure timely updates are available. CVE lists and notifications are actively monitored, and any systems can be patched in a timeline relevant to the severity of the issue.
Certain user actions which manipulate user data are stored within Accredible and are available for the customer/user via the Dashboard audit log.
All Accredible API calls and application logs are kept for our internal purposes for at least 30 days. They are available only for authorized employees as required by their role for monitoring Accredible to ensure service availability and performance and prevent abuse.
Application logs for Accredible are centrally collected in LogDNA for a minimum of 30 days for monitoring and analysis, after which they are retained in S3 buckets. Security, authentication, and Intrusion Detection System (IDS) logs for Accredible are additionally retained in S3 CloudWatch buckets with a 12-month lifecycle to ensure retention.
Data entered into Accredible is backed up regularly. All backups are encrypted and stored at multiple offsite locations to help ensure that they are available in the unlikely event that a restore is necessary.
Files uploaded to Accredible as attachments are not backed up on the same schedule and rely on Amazon S3’s internal redundancy mechanism.
Accredible database backups are immediately encrypted with 256-bit AES encryption using GNU Privacy Guard (“GPG”) with a password-protected symmetric cipher. Encrypted backups can only be decrypted by members of the Accredible team who have received training and have been authorized to decrypt the backups.
Backups are taken at least once a day and are retained for at least 30 days.
The Accredible team has designed systems to keep the service running even if the underlying infrastructure experiences an outage or other significant issue. Accredible has been architected to survive a single availability zone outage without significant service interruptions.
Accredible maintains a business continuity plan which is tested on an annual basis and includes alternative work locations and business services.
In the unlikely event that a disaster causes disruption to Accredible, the team has prepared and annually rehearse a disaster recovery plan.
The plan details the members of an emergency response team, the priority list for different services, and the overall procedure that should be followed
Following a disaster, the typical response life-cycle would be:
- Emergency response to assess the level of damage, decide whether to invoke the
plan and at what level to notify staff, etc.
- Provision of an emergency level of service
- Restoration of key services
- Recovery to business as normal.
Target times have been established for the above stages:
- To be completed within 1 – 2 business hours of the disaster
- Within 4 business hours of the disaster
- Within 8 business hours of the disaster
- Within one week of the disaster.
Accredible only uses OS X, macOS, and UNIX-based computers. Accredible makes use of several approaches to reduce the risk of incidents on individual computers:
- Anti-malware: All Apple computers use XProtect and Gatekeeper to monitor and prevent unauthorized application usage and vulnerabilities. More information: https://www.apple.com/uk/business/resources/docs/macOS_Security_Overview.pdf
- Access control: Admin privileges for particular computers are only provided on a needs basis and are assigned, monitored, and managed via our access control policy.
- Updates: We require that all security patches must be installed within one month of becoming available, as a minimum.
Security Awareness and Confidentiality
Security awareness and user data access policies are covered during our employee onboarding as appropriate to the role, and employees are updated as relevant policies or practices change. Our employees also sign a confidentiality agreement.
Accredible reserves the right to determine the appropriate response if an employee breaches a security policy, which may include termination.
All our employees & contractors with access to Accredible data undergo a background check, including a criminal record check, verification of credentials, and verification of identity.
Uptime & Status Reporting
Accredible maintains a public status page to report service disruption and outages. You can subscribe to email updates and view historic uptime at http://status.accredible.com/.