essDOCS Security Features
Security is a core element of essDOCS' solutions, developed through years of methodical testing and industry input.
Key security features include:
- Multi-tiered application environment, providing isolated tiers for web, application and data protected by dedicated firewalls and network isolation
- Enterprise wide risk management strategy at data centres including anti-virus, managed firewalls, secure VPN, network and host based intrusion detection
- Hardened operating system and system components
- HTTPS 256bit Transport Layer Security (TLS) 1.2/1.1 encryption to the client
- Data encryption in transit and at rest
- Extended validation (EV) digital certificates
- Redundant, geographically disparate data centres for disaster recovery
- In excess of 99.9% uptime
essDOCS is subject to annual IT audits focused on external penetration testing and internal vulnerability assessments. PriceWaterhouseCoopers has been appointed by the DDG Executive Committee as the security auditor since 2009. Copies of the Auditor’s reports are available to DDG members.
essDOCS data centers are ISO 27001 & ISO 27002 certified. An overview of each of these certifications is outlined below:
- ISO/IEC 27001: formally specifies a management system that is intended to bring information security under explicit management control. ISO/IEC 27001 requires that management: (i) systematically examine the organization’s information security risks, taking account of the threats, vulnerabilities and impacts; (ii) design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and (iii) adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis.
- ISO/IEC 27002: provides best practice recommendations on information security management for use by those responsible for initiating, implementing or maintaining Information Security Management Systems.