Request Access

Assivo requests your details

I have read and agree to Terms & Conditions and Privacy Policy of Assivo.

I would like to get Assivo Center Updates.

Thank you! Your submission has been received!

Something went wrong. Try again.

Overview

Assivo's commitment to data privacy and security is embedded in every part of our business. This page outlines the high-level details for several of the frameworks, regulations, and certifications that apply to our company and its services.

You can also access more comprehensive security and compliance details in the Security section of our documentation or contact security@assivo.com with specific questions or requests.

Compliance

CCPA

GDPR

HIPAA

SOC 2

Documents

SOC 2 Report

HIPAA

SOC 2

Acceptable Use Policy

Access Control Policy

Business Continuity Policy

Data Classification Policy

Encryption Policy

General Incident Response Policy

Information Security Policy

Network Security Policy

Physical Security

Risk Management Policy

Software Development Lifecycle

Risk Profile

Data Access Level

As a SaaS vendor selling to an enterprise customer, what type of data do you need access to?

Restricted (i.e. highly confidential information such as PII, personal identifiable information)

Impact Level

What is the potential impact to your enterprise customer if the data and/or functionality you, as the vendor, are supposed to manage, is compromised?

Substantial

Recovery Time Objective

What is your recovery time objective in case of critical failure? (e.g., your DB is deleted)

48-72 Hours

Recovery Point Objective

What is your recovery point objective in case of critical failure? (e.g., your DB is deleted)

48-72 Hours

Critical Dependence

Will your product be a system that your enterprise customer critically depends on? (i.e., a failure would cost them a ton of money)

Yes

Third Party Dependence

Are you also using other third-party services to manage or support your customers?

Yes

Hosting

Are you hosted only on one of the major cloud providers or do you have any on-premise systems?

Major Cloud Provider (e.g., AWS, Azure, GCP, Salesforce, or Digital Ocean)

Product Security

Audit Logging

Our product logs all user activity to enable easy auditing of usage patterns.

Data Security

Integrations

Our product provides an industry leading suite of integrations including Stripe, QuickBooks, and various others.

Multi-Factor Authentication

We're actively working on support for multi-factor authentication.

Role-Based Access Control

Our product offers role-based access control that allows administrators to provision different levels of access.

SSO Support

We're actively working on single sign-on, starting with Google authentication.

Team Management

Our product supports team management capabilities to help administrators manage user needs and permissions.

Reports

HIPAA Report

Network Diagram

Pentest Report

SOC 2 Report

Data Security

Access Monitoring

We log and monitor all access attempts to our company resources.

Backups Enabled

We ensure that data is backed up across multiple locations and can be retrieved within our recovery time objective if a failure does occur.

Data Erasure

We provide an email (security@assivo.com) for customer data deletion requests and will ensure that the data is erased within a set timeframe.

Encryption-at-rest

We use the Advanced Encryption Standard (AES) algorithm with a key size of 256 bits and with a unique and proper encryption key rotation policy for each customer.

Encryption-in-transit

All of our communications at transit external or internal are done via secure and encrypted channels.

Physical Security

Physical access to our office is restricted using badges for which only our employees and building staff have keys.

App Security

Bot Detection

We use bot detection to protect our web application from automated login attacks.

Code Analysis

We use static and dynamic code analysis.

Credential Management

We manage all secrets using the AWS Key Management Service, AWS Parameter Store, 1Password.

Software Development Lifecycle

Vulnerability & Patch Management

We install all patches and software updates as soon as they are made available. All vulnerabilities are tracked in our project management system.

Web Application Firewall

We use the AWS Web Application Firewall.

Legal

Cyber Insurance

Data Processing Agreement

Terms & Conditions

Access Control

Data Access

We strictly monitor access to customer data and only permit it on an as-needed basis.

Logging

We keep detailed logs of all activities on company resources and review logs to identity irregularities on a weekly basis.

Password Security

We enforce stringent password security policies and MFA (Multi-factor Authentication) based access for all our employees via an central active directory.

Infrastructure

Amazon Web Services

We host our applications and data on Amazon Web Services.

Anti-DDoS

We utilize an anti-DDOS system to provide guaranteed up time for our product.

BC/DR

We have a tested and detailed business continuity and disaster recovery plan in the event of a major disruption to one of our key service providers.

Separate Production Environment

We maintain completely separate production and development environments to ensure product stability.

Endpoint Security

Disk Encryption

We use FileVault to encrypt the data on our corporate laptops.

DNS Filtering

We use the AWS Web Application Firewall.

Endpoint Detection & Response

Mobile Device Management

Threat Detection

Network Security

Data Loss Prevention

DNSSEC

Firewall

We utilize a firewall to protect networked company resources.

Security Information and Event Management

We use a SIEM tool to monitor for security events in our infrastructure.

Traffic Filtering

Traffic on our network is filtered for known malicious domains.

Corporate Security

Email Protection

Employee Training

Incident Response

Internal SSO

Policies

Acceptable Use Policy

Access Control Policy

Business Continuity Policy

Data Classification Policy

Encryption Policy

General Incident Response Policy

Information Security Policy

Network Security Policy

Physical Security

Risk Management Policy

Software Development Lifecycle

Security Grades

Qualys SSL Labs

Marketing Website

Portal

Services

Data Entry & Processing

Research & Data Collection

Who We Serve

Professional Services

Marketplaces & Platforms

Schedule A Consultation

Get Access to Security Portal

Request Access

Had access before?

Reclaim Access

Overview

Compliance

CCPA

GDPR

HIPAA

SOC 2

Documents

Request Access

SOC 2 Report

HIPAA

SOC 2

Acceptable Use Policy

Acceptable Control Policy

+9 More

Risk Profile

Data Access Level

Restricted

Impact Level

Substantial

Recovery Time Objective

48-72 Hours

Product Security

Audit Logging

Data Security

Integration

Reports

HIPAA Report

Network Diagram

Pentest Report

Data Security

Access Monitoring

Backups Enabled

Data Erasure

App Security

Bot Detection

Code Analysis

Credential Management

Legal

Cyber Insurance

Data Processing Agreement

Access Control

Data Access

Logging

Password Security

Infrastructure

Amazon Web Services

Anti-DDoS

BC/DR

Endpoint Security

Data Encryption

DNS Filtering

Endpoint Detection & Response

Network Security

Data Loss Prevention

DNSSEC

Firewall

Corporate Security

Email Protection

Employee Training

Incident Response

Policies

Acceptable Use Policy

Access Control Policy

Business Continuity Policy

Security Grades

Qualys SSL Labs

Marketing Website

Portal

If you think you may have discovered a vulnerability, please send us a note.

Report Issue

Reliable & Affordable Outsourcing Services

Schedule A Consultation

Client Portal