Infrastructure Security

As industry leaders, we adhere to strict international standards and regulations and are ISO and SOC2 Type 2 certified. In addition, our data centers are also SOC2 and ISO 27001 compliant. We use standard secured network protocols and encryption via Secure Sockets Layer/Transport Layer Security (SSL/TLS) encrypted channels to protect customer data and ensure data privacy and protection whenever data is in transit.

As industry leaders, we adhere to strict international standards and regulations and are ISO and SOC2 Type 2 certified. In addition, our data centers are also SOC2 and ISO 27001 compliant. We use standard secured network protocols and encryption via Secure Sockets Layer/Transport Layer Security (SSL/TLS) encrypted channels to protect customer data and ensure data privacy whenever data is in transit.

Encryption

Our built-in encryption methods are incorporated into the SysAid environment (AES-256) to protect customer data and ensure data privacy and protection for data at rest.

Authentication Requirements

SysAid authenticates all users with a unique ID and password by default (saving and encrypting the information in our database). Users can choose whether they want to allow password caching or not. Access to all API resources is always authenticated

SAML & MFA

SysAid supports different types of SSO solutions (Microsoft Azure, Microsoft ADFS, Google GSuite SSO, OKTA, and OneLogin) permitting customers to implement Single Sign-On (SSO) in accordance with their own access policies.

Confidentiality

Both SysAid employees and contractors sign confidentiality agreements upon commencing work with SysAid.

While privacy laws may vary between jurisdictions, SysAid is committed to protecting personal data in accordance with our Privacy Policy and customary industry standards.

Annual Third-Party Audits

We are audited annually in order to continuously improve and expand our security procedures and meet or exceed ever-evolving compliance requirements.

Cloud Data Storage

SysAid Cloud is hosted in third-party state-of-the-art data centers across three primary regions: US, Europe, and Asia Pacific (other locations may be available by request). Our entire production infrastructure and application utilizes and relies on AWS, the leading global Cloud Services Provider. Amazon maintains and demonstrates SSAE-16 SOC 1, 2 and 3, ISO 27001, and FedRAMP/FISMA reports and certifications. Web servers and databases run on servers in secure data centers.

Penetration Tests and Vulnerability Scans

As part of our security measures we automatically update and deploy security patches with each version update and proactively perform periodic vulnerability scans and penetration tests.

We work alongside independent and accredited information security companies to perform regular penetration tests and monitor malicious activity and unauthorized behavior to protect SysAid’s AWS accounts, workloads, and data stored in AWS.

see our SysAid Vulnerability Disclosure Policy (VDP) for more details.

DDoS Protection

As part of our multilayered-protection approach, our Disaster Recovery Plan includes mitigations for numerous scenarios including DoS & DDoS attacks.

Data Backup

In addition to standard AWS backups which are performed regularly, SysAid also uses our internal tools to daily backup each customer’s database. Learn more about backups here.