Hivemind and CloudFactory data security statements
HIVEMIND: Our technology is designed to keep your data safe.
As a data business, our technology is designed to keep your data safe. We do this by using strong encryption at every level of your data’s journey. We employ a modern version of Transport Layer Security (TLS) any time data is in transit (between yourself, Hivemind, or a CloudFactory contributor).
To keep your data secure when it is 'at-rest' we utilise the key management and encryption features of our chosen cloud provider, AWS. Our authentication system uses encryption far exceeding what most refer to as 'bank-level' in strength to ensure that nobody can access your data without your permission.
Just as important as the technology, are the processes we employ to ensure we remain at the forefront of this field. All Hivemind staff are regularly trained in the latest threats facing the industry.
We are in the process of obtaining ISO 27001 certification, to ensure we remain robust in our approach to all aspects of security—including access control, audit and logging, systems management, and training. We also engage with an external security specialist to conduct regular pen-testing of our platform to give us, and you, confidence that your data is safe.
CLOUDFACTORY: Ensuring sensitive data remains safe and secure is the number one concern.
Ensuring sensitive data remains safe and secure is the number one concern for organizations outsourcing critical data work to external providers. CloudFactory is a cloud-based workforce solution that acts as an extension of your team. We take your data security very seriously. We’ve established baseline security controls that are followed for all client projects, regardless of data sensitivity.
People: All staff, including Cloud Workers, undergo rigorous background screening, training, and additional evaluative measures conducted by CloudFactory, including a personal interview and resume validation. Cloud Workers are hired, trained and managed directly by CloudFactory and sign non-disclosures with CloudFactory extending to all client work. Security Awareness training is delivered to all staff on commencement of their employment. This training is delivered electronically and a record is kept on their staff records.
Process and Technology: Client data is stored in an encrypted database within AWS, North America region by default. All data 'in-motion' and 'at-rest' is fully encrypted according to regulatory requirements and industry best practices. Cloud Workers are only granted access to projects that they have been assigned to. Cloud Worker laptops are locked down and covered by AV, IDS and DLP. Also, Cloud Worker devices are disabled from downloading data locally or onto storage devices.
Certifications and Compliance: CloudFactory continuously undergoes evaluation against common information security programs, is currently in compliance or certified HIPAA, SOC 2, GDPR, and is on track for ISO 9001 and ISO 27001 certification in 2020. In addition, CloudFactory undergoes external penetration tests every six months, conducted by an independent third party.