System and data security
Cloud security and compliance
Our hosting network has the following accreditations and certifications:
PCI DSS Level 1 (Payment Card Industry Data Security Standard)
ISO 27001 (Information Security Management System)
AICPA SOC 2 Type II
Cloud Security Alliance (CSA) STAR Level 1 compliance addressing fundamental security principles across 16 domains to assess the overall security risk of our cloud service.
All data centres are independently audited and certified against internationally recognized attestation and certification standards.
Monitoring
Our systems are monitored 24 hours a day, 7 days a week, 365 days a year. If something goes wrong, we'll be the first to know and will action the issue within minutes, regardless of the time of day.
Backups
Our databases operate in a fully managed, high performance database cluster. Clusters include daily backups with point-in-time recovery (PITR), standby nodes for high availability and end-to-end SSL encryption.
The databases are multi-centre with automated failover, meaning they automatically detect and replace degraded or failing nodes. With two standby nodes, the cluster is highly available and very resilient against downtime. If two nodes fail simultaneously, the service remains available while replacements are provisioned in the background.
The service only becomes unavailable in the unlikely event of all three nodes failing at the same time.
Servers and virtualization
Role-based access, two-factor authentication, secure network zones, bastion hosts, and secrets management underpin our approach to securing our management layer. Vulnerability and patch management as well as security observability tools help us keep on top of the ever-shifting risk in our infrastructure.
Complying with GDPR
With the help of external advisors, we reviewed our products and services, customer terms, privacy notices and arrangements with third parties for compliance with the GDPR. Our focus on privacy and compliance is ongoing.
Security measures for data transfers
We utilize many security measures to protect your data, including but not limited to:
Data processing systems are prevented from being used without authorization.
Personal data is not read, copied, modified or removed without authorization during transfer or storage.
We are able to retrospectively examine and establish whether and by whom personal data have been entered into data processing systems, modified or removed.
Handling delete instructions from customers
Customers have the ability to remove or delete information they have uploaded to our products. Likewise, customers may deactivate their account and request that all data we have collected and stored is deleted.
System requirements
For more information on Orthobridge's requirements, see our system requirements.