AGREEMENT BETWEEN CUSTOMER AND COVENDIS, INC

Covendis Security Promise

Secure and Reliable Hosted Solution
We host the Covendis application and our customer’s data at Amazon Web Services (AWS). We use managed services within the data center and have comprehensive service level agreements to provide the utmost security and reliability to our customers. We secure the data with enterprise-level firewalls, data encryption and we utilize IP restrictions to further secure access to the application and data.

Data Center Security
Below are measures taken by Covendis and our contracted data center to ensure the maximum level of client service and security:

Physical access to the data center is not at risk because all of our data is stored in the AWS cloud.

Multiple layers of traffic filtering, intrusion detection systems and anti-virus protection are in place.

Dual, simultaneous power paths are allocated to critical IT equipment. Separate UPS systems are in place to sustain a full power load and diesel generators provide replacement power in the event that utility power is lost.
Application Security
The Covendis application incorporates rich security features to ensure the security and privacy of our customers’ information
Role-Based Access – Allows control of who can see, edit, export or delete data based on user’s role.

Security Policies – Password policies, failed login attempts, IP range address blocking, session timeouts and user activity is audited and logged.

Account Management and Auditing – User management tools to make it easy to oversee all user accounts and generate reports on all user activities.

Data Encryption – All web traffic is encrypted using 256-bit SSL encryption. Passwords stored on our servers are encrypted by strong hash algorithms.

Data Security Policies and Procedures
Covendis has implemented strict IT policies and best practices to protect and secure data.
Access Control Policies – Only employees with the highest clearance have access to Covendis’ customer data. Employee access is logged and passwords are strictly regulated. We limit access to customer data to only those employees who need such access to provide support and troubleshooting on a customer’s behalf.

Authentication and Encryption – Access to customer data is protected with strong passwords, file permissions, file encryption and properly configured firewalls. All data transported over wireless or public IP networks is encrypted.

Audit Policies – Covendis has implemented strict auditing processes to log and monitor access to customer data.

Data Protection – Covendis has implemented best practice firewall configurations, virus protection and intrusion detection policies to protect against viruses, trojans, spyware and other malicious software and attacks.

Disaster Recovery Plan – A comprehensive disaster plan is in place to ensure business continuity and to prevent data loss.

Physical Security – Policies and measures exist to physically protect data which include locked data rooms and storage, and workstation access restrictions. We also have strict policies regarding disposing of electronic equipment, hard disks or other media containing data, as well as maintaining an accurate inventory of all hardware components.

Employee Policies – Due diligence is performed in hiring of all employees and contractors who will have access to data which include reference checks, background investigations, and signed confidentiality agreements. All employees that have access to data also undergo training to ensure compliance with all IT policies.