Frequently Asked Questions
Who is your hosting provider?
The 12Twenty IT infrastructure is hosted by industry-leading cloud service provider Rackspace. Rackspace is an enterprise-grade hosting provider with comprehensive information security controls, redundancy/fail-over systems and disaster recovery procedures. Here is a brief list of some of the industry-leading security standards that are followed by Rackspace:
- SSAE 16
- ISO 27001
- ISO 14001 (UK)
- OHSAS 18001 (UK)
- Payment Card Industry (PCI) Data Security Standard (DSS) Level 1 Service Provider
More details can be viewed here
What types of security practices do you follow?
Security is a top priority for 12Twenty. We follow industry-standard best practices in everything we do. Our servers are hosted by industry-leading cloud service provider Rackspace. Here is a list of some security practices:
- SSL required for all connections
- TrustE Certified
- Continuous Monitoring by third-party WhiteHat Security
- Static Code Analysis by Veracode
- 201 CMR 17 Compliant
- A Qualys SSL Labs Report can be viewed here.
What types of SSO integrations do you offer?
Currently, 12Twenty offers three options for single sign-on integration with your system -- SAML, and 12twenty Proprietary. All three are very viable options and we are happy to provide service using any of the above. Please let your point of contact know which one you would like to use. If you need help making a decision, we can assist you with that as well!
What is the data backup/restore strategy?
The data is encrypted and backed up differentially every hour, and fully once per night to two disparate locations (Rackspace and Amazon S3). The data restore is also tested after each release cycle (typically every three weeks).
What data segregation of duties are implemented?
Data segregation is implemented at a per-customer level. Each customer is considered a separate entity that has access only to its own data.
How is activity monitored/documented/audited?
System activity logs are used and maintained to monitor key activity in the system. If necessary, logs can be reviewed for troubleshooting or to review any suspicious activity.