We have a variety of Security and Compliance governance guidelines in place to help mitigate risk.
Application Security
PCI & SOX Compliance
The application does not handle or process credit card information
Data Security
All data is encrypted in flight (TLS) and at rest (AES-256)
Infrastructure
Technology Stack
What Operating System is used?
Linux
What Database is used?
MongoDB, Redis
What Platform is used?
Node.js
System Requirement
System requirement (CPU / Memory Requirement?)
Cloud-Based
Security
All data lives on AWS servers and is backed up every 6 hours. Data is redundantly stored on 3 separate servers.
If a major error occurs, we do have the ability to restore from a previous Backup, but our system is set up to avoid this issue.
We have systems in place to avoid products and components being deleted by accident. Users have to write the word “DELETE” in addition to pressing the delete button in order to completely delete a product or component.
Backbone can be accessed on any browser, but the system has been optimized for Chrome.
Backbone’s sign-in page will require a sign in after 1 hour of inactivity.
Compliance
While Backbone has not been audited for security compliance, we do follow industry standards and best practices, including, but not limited to:
End to End Encryption in Flight using TLS
Encryption at Rest (Database)
Network Isolation - Virtual Private Networks on AWS
Token based credential expiration
Our key vendors have been audited for compliance:
Database Provider - MongoDB Atlas. SOC and HIPAA compliant https://www.mongodb.com/cloud/trust
Cloud Services Provider - AWS. We use SOC and HIPAA compliant services only: https://aws.amazon.com/compliance/services-in-scope/
Support Structure and SLAs
Technical Expertise
What quality of resources will you receive from Backbone?
Our Client Success team is rooted in product development with a vast knowledge of technology, design and development.
They are available from 9 AM - 6 PM (MST) via, screen-share, phone or email.