Security & Compliance
We have a variety of Security and Compliance governance guidelines in place to help mitigate risk.
PCI & SOX Compliance
- The application does not handle or process credit card information
- All data is encrypted in flight (TLS) and at rest (AES-256)
- What Operating System is used?
- What Database is used?
- MongoDB, Redis
- What Platform is used?
- System requirement (CPU / Memory Requirement?)
- All data lives on AWS servers and is backed up every 6 hours. Data is redundantly stored on 3 separate servers.
- If a major error occurs, we can restore from a previous backup, but our system is set up to avoid this issue.
- We have systems in place to avoid products and components being deleted by accident. Users have to write the word “DELETE” in addition to pressing the delete button in order to completely delete a product or component.
- Backbone can be accessed on any browser, but the system has been optimized for Chrome.
- Backbone requires users to sign in again after 1 hour of inactivity.
While Backbone has not been audited for security compliance, we do follow industry standards and best practices, including, but not limited to:
- End-to-End Encryption in Flight using TLS
- Encryption at Rest (Database)
- Network Isolation - Virtual Private Networks on AWS
- Token-based credential expiration
Our key vendors have been audited for compliance:
- Database Provider - MongoDB Atlas. SOC and HIPAA compliant https://www.mongodb.com/cloud/trust
- Cloud Services Provider - AWS. We use SOC and HIPAA compliant services only: https://aws.amazon.com/compliance/services-in-scope/
Support Structure and SLAs
- What quality of resources will you receive from Backbone?
- Our Client Success team is rooted in product development with a vast knowledge of technology, design and development.
- They are available from 9 AM - 6 PM (MST) via screen-share, phone or email.