Security and Reliability

Synk.to is committed to the protection and appropriate use of customer data. Our platform is designed to ensure the privacy and security of our platform's end users. As a company committed to the security of our clients' data, we implement and maintain the following physical, administrative and technical controls to safeguard data while in transit and at rest.


1. Security Program and Policies

1.1 Synk.to maintains and enforces a risk-based security program and framework that addresses how we manage security. Synk.to’s security framework is based on the ISO 27001 Information Security Management System and includes the following areas: Policies and Procedures, Asset Management, Access Management, Cryptography, Physical Security, Operations Security, Communications Security, Business Continuity and Disaster Recovery Security, People Security, Product Security, Cloud and Network Infrastructure Security, Security Compliance, Third-Party Security, Vulnerability Management, and Security Monitoring and Incident Response.

1.2 Our security program includes:

  • documented policies that we approve, publish and communicate to appropriate personnel internally and review at least annually,
  • documented, clear assignment of responsibility and authority for security program activities,
  • regular testing of the key controls, systems and procedures.

2. Risk and Asset Management

2.1 Synk.to utilizes an integrated risk management approach with a focus on both technical and operational security practices. Ongoing and systematic risk assessment is a consistent part of selecting appropriate protection controls and improvements, and of ensuring that Personal Data is safe.

2.2 Synk.to takes reasonable actions to identify assets and their level of criticality. The full inventory and categorization form the basis for selecting and implementing optimal technical and organizational security measures to make sure that the assets and information are protected.

3. Personnel Security and Awareness

3.1 Synk.to’s personnel (employees and contractors) do not process Personal Data without authorization. Personnel are obligated to maintain the confidentiality of any Personal Data, and this obligation continues even after their engagement ends.

3.2 Synk.to’s personnel (employees and contractors) acknowledge their data security and privacy responsibilities under Synk.to’s policies.

3.3 Synk.to is focused on employee security awareness as a key driver for improving the overall security maturity level and culture. Synk.to’s personnel (employees and contractors) complete security and privacy training at least annually.

4. Access Management

4.1 Synk.to manages access based on the “Need to know” and “Least privilege” principles. That means that personnel are only permitted to access customer data when needed for the performance of their functions.

4.2 Synk.to deactivates the authentication credentials of personnel immediately upon the termination of their employment or services.

4.3 In order to access the production environment and critical systems, a user must have a unique username and password and multi-factor authentication enabled.

4.4 Synk.to implements measures to prevent information systems from being used by unauthorized persons, including the following measures: (a) user identification and authentication procedures; (b) unique username/password; (c) password complexity policies (special characters, minimum length, change of password); (d) automatic blocking (e.g., after failed password attempts or on timeout).

4.5 Synk.to performs access monitoring and logging for the production environment and critical systems.

5. Technical and Application Security Measures

5.1 Synk.to has implemented and will maintain appropriate technical and application security measures, internal controls, and information security routines intended to protect Personal Data against accidental loss, destruction, or alteration; unauthorized disclosure or access; or unlawful destruction as follows:

  • Segregation of environments. Synk.to segregates development and production environments to make sure that Personal Data is protected from any kind of unauthorized access.
  • Encryption in transit. All external network communications are protected with encryption. We support the latest recommended secure cipher suites to encrypt all traffic in transit, including the use of TLS 1.2 protocols, AES256 encryption, and SHA2 hash functions, whenever supported by the clients.
  • Encryption at rest. Customer data at rest is encrypted using FIPS 140-2 compliant encryption standards, which apply to all types of data at rest within Synk.to’s systems—relational databases, file drives, backups, etc. Access to cryptographic keys is restricted to a limited number of authorized Synk.to personnel.
  • Redundancy. Synk.to selects IT infrastructure suppliers that are committed to providing mechanisms with built-in security best practices for confidentiality, integrity, and availability. Synk.to’s main IaaS provider, AWS, is committed to meeting a strict Disaster Recovery (DR) Service Level Agreement.
  • Vulnerability assessment. Synk.to performs automated and manual application and infrastructure security testing to identify and patch potential security vulnerabilities. Critical software patches are evaluated, tested, and applied proactively.
  • Penetration Testing. We engage independent service providers to perform penetration tests to assess the potential system security threats at least on an annual basis.
  • Software Development and Acquisition. Synk.to follows security-by-design principles across the different phases of the Service creation lifecycle, from requirements gathering and product design all the way through product deployment. For the software developed by Synk.to, Synk.to follows the secure coding standards and procedures set out in its standard operating procedures.
  • Storage. Synk.to’s production databases and data processing servers are hosted in a data center located in AWS. Synk.to maintains complete administrative control over the databases and virtual servers, and no third-party vendors have logical access to Personal Data.
  • Change Management. Synk.to implements documented change management procedures that provide a consistent approach for controlling, implementing, and documenting changes (including emergency changes) for Synk.to’s software, information systems or network architecture.
  • Network security. All network access between servers is restricted, using access control lists to allow only authorized services to interact in the network. We utilize third-party tools to detect, mitigate, and prevent Distributed Denial of Service (DDoS) attacks.

6. Third-Party Provider Management

6.1 Synk.to may use third-party providers to provide the Services. In selecting third-party providers who may gain access to, store, transmit or use Personal Data, Synk.to conducts a quality and security assessment pursuant to the provisions of its standard operating procedures.

6.2 Synk.to enters into written agreements with all of its providers which include confidentiality, privacy, and security obligations that provide an appropriate level of protection for Personal Data that these providers may Process.

7. Physical and Environmental Security

7.1 Synk.to uses AWS data centers to host its production infrastructure. AWS data centers are strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Each data center has redundant electrical power systems that are available twenty-four (24) hours a day, seven (7) days a week.

7.2 Synk.to reviews third-party audit reports to verify that Synk.to’s service providers maintain appropriate physical access controls for the managed data centers.

8. Resilience and Service Continuity

8.1 Synk.to implements measures to ensure the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident, including:

  • Ongoing Personal Data backup procedures. Backups are retained redundantly across multiple availability zones and encrypted in transit and at rest.
  • Synk.to uses specialized tools to monitor Service performance. An alert is triggered in the event of suboptimal server performance or overloaded capacity.
  • Disaster recovery plans are in place to recover in case of Personal Data availability issues.

9. Information Security Incident Management

9.1 Synk.to implements security incident management policies and procedures that address how we manage Data Breaches and other security incidents.

9.2 In case of a Data Breach, Synk.to will promptly investigate the incident upon discovery. To the extent permitted by applicable law, Synk.to will notify the Customer of a Data Breach. Data Breach incident notifications will be provided to Customers via email or in another way agreed with the Customer.
