Security
PerformYard has invested heavily in enterprise-class security and data management techniques in the development of our product architecture and platform. Protecting the confidentiality, integrity, and availability of our customers’ systems and data is of the utmost importance to PerformYard, as is maintaining customer trust and confidence.
We’ve partnered with Amazon Web Services (AWS) as our data center provider and are delivering PerformYard software to enterprise customers globally on top of a proven and scalable cloud-computing platform.
Network Security
At PerformYard we're relentless about our network security. With advanced tech and best practices, your data is in safe hands.
Automated Monitoring Systems
PerformYard uses a variety of automated monitoring systems to provide service performance and availability. These monitoring tools are designed to detect unusual or unauthorized activities and conditions at ingress and egress communication points.
The tools monitor server and network usage, port scanning activities, application usage, and unauthorized intrusion attempts.
Advanced Firewalls and Security Groups
Our architecture is configured with a complete firewall solution; this mandatory inbound firewall is configured in a default deny-all mode and PerformYard has leveraged security groups to explicitly open the ports needed to allow inbound traffic and to prevent unauthorized access.
The traffic may be restricted by protocol, service port, and source IP address (individual IP or Classless Inter-Domain Routing (CIDR) block). We also implement security best practices like web application firewall (WAF) and vulnerability scanning
Replication Data Backups
We use real-time replication with automatic failover to ensure complete backup and minimal downtime.
Data Backups
PerformYard has invested significant resources in secure backups that run continuously, efficiently, and with point-in-time recovery within the previous 24 hours.
The retention process replicates data to encrypted, fault-tolerant, and geographically distributed data centers in the US. If your system does go down, the most recent backup is only moments behind, minimizing any exposure to data loss.
Replication Process
Data snapshots are taken every 6 hours and stored using the below schedule.
- Six (6) hour interval snapshots stored for two (2) days.
- Daily snapshots stored for one week.
- Weekly snapshots stored for one month.
- Monthly snapshots stored for one year.
Data Security & Ownership
We value your data security and ownership. Your information stays yours, protected by our robust safeguards and commitment to privacy.
Encryption
PerformYard has implemented enterprise-grade security and encryption to ensure your data is protected. Like many banks, we use a 2048-bit key for authentication and also one of the strongest block ciphers available – 256-bit Advanced Encryption Standard (AES-256) encryption to ensure your data is always encrypted.
In addition, PerformYard database clusters on AWS make use of the General Purpose SSD (gp2) EBS volumes, which include support for AES-256 encryption. PerformYard also encrypts all customer data at rest and implements these advanced data protection features in our architecture.
Data Ownership and Portability
We’ve made a clear commitment to data portability. You own your data, and can take it with you at any time. As much as we’d hate to lose even a single customer we do not hold your data hostage. You can easily export your data from PerformYard at any time using common and standard formats.
PerformYard respects customers right to retain ownership of all data and content created within our application. Customers’ subscription to and usage of PerformYard software does not grant PerformYard ownership rights of client data.
Privacy
Your Privacy is important to us and we’ve publicly published our Privacy Policy (https://performyard.com/privacy/) on our website so you know how personally identifiable information is treated and managed.
3rd Party Security Audits
PerformYard has undergone rigorous third-party audits to guarantee your data is safeguarded with the utmost care and diligence.
SOC 2 Certification
PerformYard is SOC 2 certified and has contracted with a certified CPA auditor to conducted a SOC 2 Type II examination of PerformYard’s platform. (Report available upon request)
The final SOC 2 report confirms and provide assurance that the controls, service commitments, and system requirements stated in the description were suitably designed, and achieved, based on the applicable trust services criteria.
Overall Security Review and Risk Assessment
PerformYard has contracted with 3rd party security firm(s) to assess and perform an independent, third-party high-level security review of PerformYard, Inc.’s Software as a Service (SaaS) offering. The conclusion of the review is that PerformYard operates the SaaS in a secure manner consistent with commercial security practices for cloud-based information assets.
In addition, PerformYard has established corporate-level security policies and procedures that govern the operations of the PerformYard SaaS platform.
Penetration Tests
PerformYard works with HALOCK Security Labs (“HALOCK”) to perform an annual penetration test as part of their ongoing security due diligence. HALOCK Security Labs (“HALOCK”) is an information security professional services firm specializing in penetration testing, risk management, compliance, incident response handling, and remediation services. HALOCK’s Penetration Testing Team has conducted thousands of penetration tests, building a solid reputation of excellence. For more information, please refer to https://www.halock.com/.