Accredible works hard to ensure that your data is securely protected and reliably available.
This page describes a number of our information & operational security practices & processes to enable you to understand how we protect your data.
Certifications and Assessments
Accredible is SOC2 Type 1 certified. We receive and review our data hosting providers’ SOC2 reports every 12 months under NDA. Our data center providers maintain ISO 27001, SOC2 Type II, and many other certifications.
Vulnerability Detection and Penetration Testing
Automated scans of Accredible's production websites are performed at least every 7 days. All changes are peer reviewed, and vulnerability and security lists are actively monitored for CVE and other vulnerability disclosures, with appropriate actions taken.
Annual black-box penetration tests are carried out on Accredible web properties and APIs by a reputable third party.
Data Centers and Location
Accredible production services are hosted on Amazon Web Services’ (“AWS”) platform. The physical servers are located in AWS’s data centers. As of this date, AWS (i) has certifications for compliance with ISO/IEC 27001:2013, 27017:2015 and 27018:2014, (ii) is certified as a PCI DSS 3.2 Level 1 Service Provider, and (iii) undergoes SOC 1, SOC 2 and SOC 3 audits (with semi-annual reports).
All user content is stored within the US region of AWS by default and in Google Cloud Storage ("GCS"). User content can also be found in Accredible's backups, stored in AWS EC2, S3, Glacier, and GCS.
We maintain separate and distinct production, staging, and development environments.
To access Accredible's production environment, authorized and trained members of Accredible's support team and select Engineering team members (“Authorized Personnel”) authenticate to the VPN using unique strong passwords and 2FA and then only access the production environment via SSH terminal connections using RSA certificates. For Authorized Personnel, any workstations running Windows or macOS must be running current and active anti-virus software. Those members are also trained not to replicate non-public user data stored in Accredible's production environment onto their workstations or mobile devices.
AWS Network ACLs and Security Groups are used to restrict access to Accredible's systems as appropriate to their role. These security rules are actively monitored, with alerting mechanisms in place for any changes to the configuration. Public access is restricted to ports 443 and 80 on the network load balancers for public traffic.
All user data stored in Accredible is protected in accordance with our obligations in our Terms of Service & DPA, and access to such data by Authorized Personnel is based on the principle of least privilege. Only Authorized Personnel have direct access to Accredible's production systems.
Accredible maintains a list of Authorized Personnel with access to the production environment. These members undergo criminal background checks and are approved by Accredible's Engineering management. Accredible also maintains a list of personnel who are permitted to access Accredible code, as well as the development and staging environments. These lists are reviewed at least annually and upon role change.
Trained members of the Accredible customer support teams also have case-specific, limited access to user data stored in Accredible through restricted access customer support tools.
Upon role change or leaving the company, the production credentials of Authorized Personnel are deactivated, and their sessions are forcibly logged out. Thereafter, all such accounts are removed or changed.
User data entered on public credentials or included in public profile information may be viewed or accessed by anyone.
We require mandatory visitor check-in with the building security team. CCTV covers entry and exit points 24/7 with logs made available to us internally.
Accredible's production services are hosted on Amazon Web Services’ (“AWS”) platform. The physical servers are located in AWS’ secure data centers. We require that production critical data is never to be stored by those with privileged access on physical media outside of our data hosting provider's production environments.
Corporate Environment and Removable Media
Strict firewall rules restrict access to the ports necessary for the usage of Accredible (e.g., 443), to help ensure that access to the production environment is limited to our VPN network and authorized systems. Our corporate network has no additional access to the production environment, with Authorized Personnel required to connect to the VPN in order to access any special systems or environments.
Authorized Personnel with access to Accredible's production environment are trained as noted above. We have a clean desk policy, and employees are trained to lock workstations whenever they are not in use.
Accredible uses industry standard Transport Layer Security (“TLS”) to create a secure connection using 128-bit Advanced Encryption Standard (“AES”) encryption. This includes all data sent between the web properties apps and the Accredible servers. There is no non-TLS option for connecting to Accredible. All connections are made securely over HTTPS.
Data drives on servers holding user data use full disk, industry-standard AES encryption with a unique encryption key for each server. The encryption, key management, and decryption process is inspected and verified internally by Amazon on a regular basis as part of their existing audit process. All Accredible backups are encrypted with AES encryption.
Encryption keys for Accredible are managed by Amazon where possible. The encryption, key management, and decryption process is inspected and verified internally by Amazon on a regular basis as part of their existing audit process. Encryption keys for Accredible managed by our team are rotated upon relevant changes of roles or employment status. Encryption keys managed by our team are stored using 1Password.
Data Deletion - Termination of Agreement
Upon termination of an agreement with Accredible, if requested by a customer's administrator, the content stored by Accredible on behalf of the customer can be removed. Upon processing such a request, Accredible will remove the data within 30 days. The team’s data will remain in encrypted Accredible database backups until those backups fall out of the backup retention window and are destroyed in accordance with our data retention policy. In the event that a database restore is necessary within 90 days of a requested data deletion, we will re-delete the data as soon as reasonably possible after the live production system is fully restored. If such a request is processed, all existing credentials will no longer function or be available to users.
Data Deletion - User Request
If at any time a credential recipient asks us to remove the data that we have about them via a request to firstname.lastname@example.org, we will contact the issuer of these credentials first. Under GDPR regulations, Accredible is a 'Data Processor', meaning that we are processing data on behalf of the issuer and must follow their instruction.
Once your issuer has deleted all credentials related to you, we process 'Right to be Forgotten' requests within 30 working days.
Development, Patch and Configuration Management
All changes to the Accredible production system, be they code or system configuration changes, require review prior to deployment to the production environment. Thousands of automated unit tests are run against all production code prior to deployment. Production code is also subject to regularly conducted automated vulnerability scans. All changes to Accredible's code are tested in a staging environment prior to deployment to production. Patches to the Accredible web properties are deployed on a rolling basis, usually several times per week. All Accredible system changes are peer reviewed and patches are deployed as relevant to their level of security and stability impact, with critical patches able to be deployed well within 24 hours of availability as appropriate.
We restrict access as noted above and maintain separate lists of relevant roles with access to source code, development, staging, and production environments. These lists are reviewed quarterly and upon role change. We use source code management tools and repositories.
All production servers are running an LTS (Long Term Support) distribution of their operating system to ensure timely updates are available. CVE lists and notifications are actively monitored and any systems can be patched in a timeline relevant to the severity of the issue.
Certain user actions which manipulate user data are stored within Accredible and are available for the customer/user via the Dashboard audit log.
All Accredible API calls and application logs are kept for our internal purposes for at least 30 days, and are available only for authorized employees as required by their role for monitoring of Accredible to ensure service availability and performance and to prevent abuse.
Application logs for Accredible are centrally collected in LogDNA for a minimum of 30 days for monitoring and analysis, after which they are retained in S3 buckets. Security, authentication, and Intrusion Detection System (IDS) logs for Accredible are additionally retained in S3 CloudWatch buckets with a 12 month lifecycle to ensure retention.
Data entered into Accredible is backed up regularly. All backups are encrypted and stored at multiple offsite locations to help ensure that they are available in the unlikely event that a restore is necessary.
Files uploaded to Accredible as attachments are not backed up on the same schedule, and instead rely on Amazon S3’s internal redundancy mechanism.
Accredible database backups are immediately encrypted with 256-bit AES encryption using GNU Privacy Guard (“GPG”) with a password-protected symmetric cipher. Encrypted backups can only be decrypted by members of the Accredible team who have received training and have been authorized to decrypt the backups.
Backups are taken at least once a day and are retained for at least 30 days.
The Accredible team has designed systems to keep the service running even if the underlying infrastructure experiences an outage or other significant issue. Accredible has been architected to survive a single availability zone outage without significant service interruptions.
Accredible maintains a business continuity plan which is tested on an annual basis and includes alternative work locations and business services.
In the unlikely event that a disaster causes disruption to Accredible, the team has prepared and annually rehearses a disaster recovery plan.
The plan details the members of an emergency response team, the priority list for different services and the overall procedure that should be followed.
Following a disaster, the typical response life-cycle would be:
- Emergency response to assess level of damage, decide whether to invoke the plan and at what level, to notify staff etc.
- Provision of an emergency level of service
- Restoration of key services
- Recovery to business as normal.
Target times have been established for the above stages:
- To be completed within 1 – 2 business hours of the disaster
- Within 4 business hours of the disaster
- Within 8 business hours of the disaster
- Within one week of the disaster.
Accredible only uses OS X, macOS and UNIX-based computers. Accredible makes use of a number of approaches to reduce the risk of incidents on individual computers:
- Anti-malware: All Apple computers make use of XProtect and Gatekeeper to monitor and prevent unauthorized application usage and vulnerabilities. More information: https://www.apple.com/uk/business/resources/docs/macOS_Security_Overview.pdf
- Access control: Admin privileges for particular computers are only provided on a needs-basis and are assigned, monitored and managed via our access control policy.
- Updates: We require that all security patches must be installed within one month of becoming available, as a minimum.
Security Awareness and Confidentiality
Security awareness and user data access policies are covered during our employee onboarding as appropriate to the role and employees are updated as relevant policies or practices change. Our employees also sign a confidentiality agreement.
In the event that a security policy is breached by an employee, Accredible reserves the right to determine the appropriate response, which may include termination.
All our employees & contractors with access to Accredible data undergo a background check which includes a criminal record check, verification of credentials and verification of identity.
Uptime & Status Reporting
Accredible maintains a public status page to report service disruption and outages. You can subscribe to email updates and view historic uptime at http://status.accredible.com/