EFFECT SYSTEMS Information, Data Security Policy
All our services are stored and served from the AWS cloud infrastructure. We go by the Shared Responsibility model: https://aws.amazon.com/compliance/shared-responsibility-model where by AWS is responsible for security of the AWS infrastructure while we are responsible for securing the data, OS platform, access. Application security, firewall settings, data integrity, encryption etc.
This Security Policy governs the processing of data provided by a client in connection with their user license agreement or through the use of the EFFECT SYSTEMS Services. By using the systems, our services, or our website, or by signing an Agreement with EFFECT SYSTEMS, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our services.
EFFECT SYSTEMS Data on the EFFECT SYSTEMS Servers
Being a cloud solution, the software and all client data is stored on EFFECT SYSTEMS Servers, which are built on the AWS (Amazon Web Services) platform.
Amazon Web Services (AWS) is a leading cloud services platform, providing database storage, content delivery and a range of other functions. It is the largest and most successful cloud platform provider in the world.
AWS makes security its top priority, providing a data centre and network architecture built to meet the requirements of the most security-sensitive organizations such as NASA, Atlassian and Dow Jones. AWS is constantly evolving its core security services such as identity and access management, logging and monitoring, encryption and key management, network segmentation and Denial of Service (DDoS) protection.
EFFECT SYSTEMS stores data in the jurisdiction of origin, in at least 3 availability zones primarily in Ireland, with alternative locations in Europe, USA, Australia, and Asia. EFFECT SYSTEMS actively works to take advantage of AWS services, following Information Security best practices.
EFFECT SYSTEMS also makes continuous backups, so your EFFECT SYSTEMS data will be up to date to the time you last connected to the Internet.
We keep your EFFECT SYSTEMS data safe by adhering to industry best practices.
AWS has an extensive and constant Cyber Security presence (its reputation depends on it) and EFFECT SYSTEMS too has its own Information Security Team. We continually monitor our AWS environment, implementing updates and patches in line with best practices prescribed by AWS.
You can find out more about AWS security in the official AWS Security reference: https://aws.amazon.com/security
EFFECT SYSTEMS understands security is of foremost importance to its customers.
EFFECT SYSTEMS utilizes multiple layers of security controls (software, physical and process based) to protect our client data. This includes, but is not limited to:
• AWS Network Firewalls
• DDoS Throttling Services
• Access Control Lists
• Security Patch Management
• Identity and Access Management
• Centralized Log Management
• Two Factor Authentication
• Separation of Duties
• Remote Monitoring & Alerting
Access to AWS backend
Only a select number of trained EFFECT SYSTEMS employees have access to the AWS infrastructure backend. Access is limited and provided to these employees via Two Factor Authentication and
EFFECT SYSTEMS may at a client’s request implement Password Complexity, Password Expiration, Two factor authentication and password restore options.
These are not implemented automatically but can be applied to any of our systems based on a client request.
Applications are all accessed via HTTPS using Transport Layer Security (TLS). TLS is a cryptographic protocol designed to protect information transmitted over the internet against eavesdropping, tampering, and message forgery.
We usually do not encrypt data at rest, however this can be implemented on a per request basis.
Using the AWS infrastructure, EFFECT SYSTEMS can implement high availability settings. These are implemented only upon request. At the same time we do implement DB continuous backups and application backups that allow quick recovery in any case of data loss or service interruption.
All data is backed up either continuously of multiple times daily, with at least 3 months of data backup.
EFFECT SYSTEMS systems are monitored 24hours a day, 7 days a week, 365 days a year.
Data Breach Notification
EFFECT SYSTEMS will notify the customer without undue delay and in writing on becoming aware of any Data Breach in respect to our client’s data.
If a vulnerability is identified or data is available publicly outside of the EFFECT SYSTEMS Software, please contact EFFECT SYSTEMS immediately via email@example.com.
Actions taken in case of a security breach:
If you provide to EFFECT SYSTEMS any personal or sensitive data relating to other individuals, either directly, through our websites, through our software, or otherwise, you represent that you have the authority to do so and permit us to use, access, or host that data in accordance with this policy.
EFFECT SYSTEMS employs industry standard security measures to ensure the security of information. However, the security of information transmitted through the Internet can never be guaranteed. EFFECT SYSTEMS is not responsible for any interception or interruption of any communications through the Internet or for changes to or losses of information. Site users are responsible for maintaining the security of any password, user ID, or other form of authentication involved in obtaining access to password protected or secure areas of any EFFECT SYSTEMS systems.
In order to protect you and your information, EFFECT SYSTEMS may suspend your use of a website, without notice, pending an investigation, if any breach of security is suspected. Access to and use of password protected and/or secure area of any Unauthorized access to such areas is prohibited and may lead to criminal prosecution. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with at firstname.lastname@example.org or by phone.