Security is important to us and we’re committed to identifying ways to continually improve. We follow industry standards, use world-class technology, and have third-party audits performed to secure and manage applications, systems, and data. Our goal is to ensure we maintain trust and evolve our security program to address the current threat landscape and to exceed our customer’s needs and expectations.
We implement security best practices to meet industry compliance. Terminus has completed the examination for Service Organization Controls (SOC) 2. This is an important step to ensure our customers understand that information security is important to us and we value our customers. To request a copy of our SOC 2 report, please contact us at firstname.lastname@example.org.
Data Center Security
We ensure the confidentiality and integrity of your data with industry standards and best practices. Terminus servers, infrastructure, and applications are hosted in world-class SOC, ISO, FedRAMP, CSA, GDPR, HIPAA, and PCI DSS compliant facilities. These facilities are regularly tested for security controls and compliance by independent third parties and data center compliance reports can be provided upon request. To request a copy of data center compliance reports, please contact us at email@example.com.
All customer data including log and backup data are encrypted using TLS over HTTPS for data in transit and AES 256 bit encryption for data at rest. The keys are symmetric and are a combination of 256-bit Elliptic Curve Diffie-Hellman and AES Galois Counter Mode (GCM) keys derived from a hardware secure module (HSM) backing key in counter mode using Hashed Message Authentication Code (HMAC) with Secure Hash Algorithm (SHA) 256.
Incident Response & Management
Our team monitors for malicious activity such as attempted & active intrusions, excessive login attempts, malicious code injections & executions and is on call 24/7 to respond to security alerts and events. We use tools that provide us with visibility into our environment for incident response, reporting, and troubleshooting capabilities. When an alert is detected that presents a risk to our business, our incident response plan is initiated to identify, respond, analyze, contain, remediate, and recover.
We take steps to securely develop and test against security threats to ensure the safety of customer data. In addition, our application security program includes threat modeling, secure software lifecycle development, manual code review, automated scanning, and third-party security testing using experts from trusted security firms who perform testing against our web applications.
Business Continuity & Disaster Recovery
A disaster recovery and business continuity plan has been developed and testing occurs annually. We use redundant data centers to ensure high availability of data and infrastructure. We also conduct testing to ensure our environment is ready to recover and operate with little to no impact to our customers and our business should an event occur. Our testing also allows us to identify areas for improvement, lessons learned, and ensure each team member is aware of what their responsibilities are.