Secure
We take our responsibility to protect and secure your information seriously and strive for complete transparency around our security practices detailed below. Our Privacy Notice also further details the ways we handle your data.
Access Control
Access to Choiceform technology resources is only permitted through secure connectivity (e.g., VPN, SSH) and requires multi-factor authentication. Our production password policy requires complexity, expiration, and lockout and disallows reuse. Choiceform grants access on a need to know on the basis of least privilege rules, reviews permissions quarterly, and revokes access immediately after employee termination.
Security Policies
Choiceform maintains and regularly reviews and updates its information security policies, at least on an annual basis. Employees must acknowledge policies on an annual basis and undergo additional training pertaining to job function. Training is designed to adhere to all specifications and regulations applicable to Choiceform.
Personnel
Choiceform conducts background screening at the time of hire (to the extent permitted or facilitated by applicable laws and countries). In addition, Choiceform communicates its information security policies to all personnel (who must acknowledge this) and requires new employees to sign non-disclosure agreements, and provides ongoing privacy and security training.
Vulnerability Management and Penetration Tests
Choiceform maintains a documented vulnerability management program which includes periodic scans, identification, and remediation of security vulnerabilities on servers, workstations, network equipment, and applications. All networks, including test and production environments, are regularly scanned using trusted third party vendors. Critical patches are applied to servers on a priority basis and as appropriate for all other patches.
We also conduct regular internal and external penetration tests and remediate according to severity for any results found.
Encryption
Choiceform encrypts all data at rest in our data centres using AES 256 based encryption. Additionally, Choiceform encrypts all data in motion using (i) RSA with 2048 bit key length based certificates generated via a public Certificate Authority, for communications with entities outside Choiceform’s data centres, and (ii) RSA 256 certificates generated via Internal Certificate Authority, for all the data within the data centre.