Technical FAQs

This article collects technical information about 12twenty that may be relevant to your University, such as the 12twenty hosting provider, security practices, and more.

Sections

  1. Who is your hosting provider?
  2. What types of security practices do you follow?
  3. What types of SSO integrations do you offer?
  4. What is the data backup/restore strategy?
  5. What data segregation of duties are implemented?
  6. How is activity monitored/documented/audited?

Who is your hosting provider?

The 12twenty platform is hosted in enterprise-grade cloud environments using Microsoft Azure and Amazon Web Services (AWS). Our relational database is hosted on Microsoft Azure SQL Database, and our blob storage is hosted in AWS S3. 12twenty servers and data are hosted in Tier IV or Tier III+ facilities that are SSAE-16, PCI DSS, or ISO 27001 compliant. 12twenty is SOC 2 Type II certified. Customer data is stored regionally based on customer location.

  • Relational database: Microsoft Azure SQL Database

  • Blob storage: AWS S3

  • Compliance: Tier IV or Tier III+ facilities (SSAE-16, PCI DSS, or ISO 27001 compliant)

  • Certification: SOC 2 Type II

  • Regional data storage: US (US customers), Canada (Canadian customers), Europe (European customers)

What types of security practices do you follow?

Security is a top priority for 12twenty. We follow industry standard best practices in everything we do. Here is a list of some security practices:

  • Encryption at rest and in transit (including database encryption and encrypted backups)

  • All connections to the website use HTTPS with TLS v1.2 or greater; weaker ciphers are disabled

  • Role-Based Access Control (RBAC) and least privilege access controls

  • Multi-Factor Authentication (MFA) is required for systems where available

  • Server operating systems are patched with important security updates as they become available

  • Firewalls are used to control network traffic to and from the production environment

  • Centralized logging and alerting for significant security events

  • Continuous monitoring, automated penetration testing, and static code analysis via Astra

  • PCI DSS: Stripe/TouchNet handle payments capture and processing (12twenty does not access cardholder data)

What types of SSO integrations do you offer?

See https://12twenty.zendesk.com/hc/en-us/articles/4413526233747-Single-Sign-On-SSO

What is the data backup/restore strategy?

12twenty’s database infrastructure performs full database backups weekly, differential database backups hourly, and transaction log backups every five to ten minutes, allowing restore to any point in time within 35 days. Additional full backups are performed nightly, permitting restore up to a year in the past. Database backups are stored in geo-redundant storage within Azure Storage. Backups are encrypted at rest and access is restricted to administrators.

What data segregation of duties are implemented?

12twenty employs a multi-tenant environment that logically separates each customer’s data. Database and file storage instances host data for multiple customers, and the application enforces authorization controls so that users can access only the data they are authorized to see.

How is activity monitored/documented/audited?

System logs, including network activity, errors, and security events, are sent to and processed by a centralized log management system over SSL. Alerts are configured for events that represent a significant threat to the confidentiality, availability, or integrity of production systems or confidential data.
