We know you've entrusted us with valuable data, and we take its security very seriously. Below, we've provided a deep dive into our security practices, protocols and tooling 🔒
Access monitoring: EnhanceDocs has enabled logging on all critical systems. Logs include failed/successful logs, application access, administrator changes, and system changes. Logs are ingested by our observability and security incident event management (SIEM) solution for log ingestion and automated logging/alerting capabilities.
Backups enabled: EnhanceDocs is hosted by Google Cloud and stores customer data using a combination of databases. By default, Google Cloud provides durable infrastructure to store important data and is designed for durability of 99.9% of objects. Automated backups of all customer and system data is enabled, and data is backed up daily at minimum. The backups are encrypted in the same way as live production data, and are monitored and alerted.
Encryption at rest: Customer data is encrypted at rest using AES-256. Customer data is encrypted when on EnhanceDocs’s internal networks, at rest in Cloud storage, database tables, and backups.
Encryption in transit: Data sent in-transit is encrypted using TLS 1.2 or greater.
Physical security: EnhanceDocs leverages Google Cloud to host our application, and defers all data center physical security controls to them. Please refer to Google Cloud’s Security of physical premises.
Data Access Level: Internal (i.e. EnhanceDocs employees will only ever access your data for the purposes of troubleshooting problems or recovering content on your behalf. )
Hosting: EnhanceDocs is hosted on one of the major cloud service providers (eg., AWS, GCP, Azure, etc.)
Recovery Time Objective: Estimated at 2 hours
Recovery Point Objective: Estimated at 24 hours
Employee training: Security training is required during the employee onboarding process, and annually thereafter. Employees also must read and acknowledge EnhanceDocs’s Code of Conduct and the Security policy.
HR security: EnhanceDocs performs background checks on employees when they are hired in accordance with local laws and regulations.
Incident response: EnhanceDocs has an incident management plan which contains steps for preparation, identification, containment, investigation, eradication, recovery, and follow-up/postmortem that is reviewed and tested annually at least.
Internal assessments: Internal security audits are performed at least annually at EnhanceDocs.
Internal SSO: Multi-factor authentication (MFA) is required for all EnhanceDocs employees to log into EnhanceDocs’s identity provider.