Is my data safe and secure with ContractZen?
All contract documents and attachments are encrypted using strong AES-256 encryption and the connection to the ContractZen service is always encrypted using SSL.
ContractZen runs on Microsoft’s Azure cloud computing platform. Azure servers are located in the Netherlands with the strong EU data privacy laws.
Read more about Microsoft Azure Security.
More details on ContractZen & Microsoft Azure Security
Customer data security
and privacy are of paramount importance for ContractZen. ContractZen product’s
nature as a contract management solution signifies the importance of all things
related to information security. The security of the solution is ensured on
many levels, from regulatory requirements to architecture and solution’s
physical security.
The following sub-chapters describe the steps taken to ensure the security of the solution.
DESIGN SECURITY
The security of the ContractZen solution starts with a secure technology foundation. The solution has been designed with security in mind from the ground up. All outward-facing interfaces are hardened against attacks, and naturally Microsoft Azure aids in protecting and mitigating in any situations. The Azure platform naturally evolves and constantly updates, and this in turn also minimizes security risks caused by open vulnerabilities on the platform.
The ContractZen solution has been developed with the Microsoft Azure Best Practices guidelines as well as Microsoft’s web application architectural guidelines. These guidelines ensure that Microsoft’s global incident response teams are able to mitigate the effects of any attacks against the security of the ContractZen solution as a whole.
No payment card data is held by ContractZen, as all of the payment card data processing is subcontracted to Stripe, a PCI-DSS-certified payment card processing vendor.
DEVELOPMENT SECURITY
During the development cycle the Secure Development Lifecycle is utilized. This is a mandatory development process that embeds security requirements into every phase of the development process. The application development takes into consideration the OWASP-10 vulnerabilities and mitigates the possible effect of those.
An incident ticketing system is used and all tickets that might have security implications are tagged. All tagged tickets need validation from a security responsible to be closed.
CLOUD SECURITY
ContractZen solution’s health is monitored with a centralized monitoring system providing continuous visibility into the status of the system. The system alerts management teams in case of incidents.
Microsoft Azure offers automatic Antimalware for cloud services and utilizes detection and mitigation techniques to protect against DDoS attacks.
All network connections are authenticated and logged and no unauthorized access is allowed.
DATA SECURITY
ContractZen runs on Microsoft’s Azure cloud computing platform. Azure servers are located in the Netherlands with the strong EU data privacy laws. Microsoft Cloud meets key international and industry-specific compliance standards, such as ISO/IEC 27001 and ISO/IEC 27018, FedRAMP, and SOC 1 and SOC 2. They also meet regional and country-specific standards and contractual commitments, including the EU Model Clauses, UK G-Cloud, Singapore MTCS, and Australia CCSL (IRAP). Read more about Microsoft Azure Security.
The SQL database uses the Azure SQL Database built-in Transparent Data Encryption, which uses AES-256 symmetric encryption to encrypt all data files. (Read more on TDE: https://blogs.msdn.microsoft.com/sqlsecurity/2016/10/05/feature-spotlight-transparent-data-encryption-tde/).Azure Cosmos DB NoSQL database is encrypted at rest by default by using AES-256. (Read more: https://docs.microsoft.com/en-us/azure/cosmos-db/database-encryption-at-rest).
All connections to both databases are also encrypted in transit with TLS (Transport Layer Security, the same protocol used when accessing any website over HTTPS).
Files uploaded by users are stored in Azure Storage, which has encryption enabled at rest, which also uses AES-256. In addition, the files are encrypted with AES before upload with a customer-specific encryption key. The key is stored in Azure Key Vault service.
BACKUP AND DISASTER RECOVERY
All data on the platform is stored across multiple redundant hardware clusters and geo-replicated to an additional data center region to ensure continuity of services. Data is continuously backed up to enable point-in-time restores. The data is backed up to minimize data loss even if there’s a natural disaster. Azure cloud services enable the recovery to a different site.
The data can be restored as follows:
The Cosmos database can be restored at any point in time. The SQL database can be restored at any point in time during the last 35 days. After that, it can be restored monthly for 5 years.
If you want to have a backup of your data, you can have it anytime you want. Please send us a message and let us know the account name and administrator who we will deliver the data to. First, we will ensure that it really is you who is requesting the data. Then, we will deliver your data (with the metadata) to you electronically in a structured form. The cost is 75€ / $85 + VAT per delivery. However, if you want to stop using our service, we will deliver the data to you for free.