Your security, safety, and privacy are our top priority.
Measurabl is committed to data protection practices that keep your data safe.
- All employees receive regular training.
- Your data is encrypted at rest using AES-256 encryption.
- We run 100% on the cloud using AWS services within a Virtual Private Cloud (VPC).
- Measurabl maintains a high availability architecture service.
Measurabl follows secure coding guidelines and has procedures for static analysis of code, code review, and testing before any code gets released to production.
Measurabl has a formal change control policy that is periodically reviewed, updated, and approved by management. We also have a change advisory board (CAB) and a change review process in which changes are documented through a ticketing system and then reviewed for approval.
Measurabl performs automated hourly backups.
Measurabl has a Business Continuity and Disaster Recovery Plan that is periodically reviewed, updated, and approved by management.
Measurabl has a formal Incident Response Plan that is reviewed semi-annually. Periodic tabletop exercises are conducted to test the team's response, so that gaps for improvement, as well as the strengths of Measurabl’s Incident Response Team, can be documented.
Measurabl applications are deployed as part of an AWS VPC. These VPCs implement security groups and network ACLs that serve as a firewall. Wazuh (SIEM) is used for network monitoring and intrusion detection, and AWS CloudTrail logs any changes to our AWS VPC. All changes are via code and must pass the rigors of the SDLC.
Measurabl performs stringent background screening of all personnel/contingent workers before employment. The same standards apply to offshore resources as to onshore resources (e.g., background checks, role-based permissions, multi-factor authentication, physical controls on buildings, confidentiality agreements, least privilege).
Measurabl encrypts your data in line with industry-tested and accepted standards. We use TLS 1.2 to encrypt network traffic between users’ browsers and Measurabl’s platform. We also use AWS KMS (Key Management Service), which encrypts the data at rest.
Secure, Reliable Infrastructure
Measurabl uses Amazon Web Services (AWS) data centers for hosting. AWS data centers are monitored by 24×7 security, biometric scanning, video surveillance, etc.
All Measurabl employees complete annual security training; topics include information security, data privacy, and password security. Measurabl also maintains vendor risk management practices to ensure that third parties meet expected levels of security.
Compliance and Certification
Measurabl is currently going through the SOC 2 Type II and ISO 27001 audits through a third-party auditor, certifying that our security policies and controls continuously meet the highest industry standards. We anticipate obtaining SOC 2 compliance by the end of Q3 2022 and ISO compliance by the end of Q4 2022. The attestation of the compliance report will be available upon request under NDA for qualified customers. Meeting SOC 2 compliance establishes a new quality for our customers, who are assured that their data is safe according to the latest industry standards.
Measurabl’s SOC 2 audits will be an ongoing commitment to improving our privacy and security practices. That’s why we’ll renew the SOC 2 Type II certification yearly, so you know that your data is safe with us.
We are committed to GDPR compliance and offer information about our practices, sub-processors, and Data Processing agreements.
Privacy Shield certification means that Measurabl's privacy and data collection practices have been reviewed and approved by an independent third party based on the guidelines set forth by Privacy Shield for transparency, accountability, and choice regarding the collection and use of consumer personal information.