All data entered into ProdPad is encrypted at-rest and in-transit. We use AWS Key Management Store to manage the encryption at rest using AES-256 keys.
All data stores are snapshotted nightly and stored for 30 days. These backups are encrypted. Point-in-time logs complement the nightly snapshots, enabling us to recover data to within seconds of a failure and quickly rebuild in another region should it be required.
At ProdPad we layer protections. Firewalls exist at the host, network and application level. These firewalls have content policies for both inbound and outbound content. Intrusion detection and response systems exist at both the network and host level. Automated vulnerability scans are run regularly (at least once a week) on all levels.
Audit logs exist on all levels to support comprehensive compliance and security requirements. All code is statically analysed and run through automated and manual QA processes.
ProdPad is hosted on Amazon Web Services, in the EU (Ireland) region. We benefit from the wealth of experience that AWS has built up over the years on running secure, resilient applications. We follow AWS security best practices.
AWS has numerous certifications including ISO 21007, ISO 21017 and ISO 21018 along with more specialist certifications such as HIPAA and FISMA.
CreateShift Ltd maintains the Cyber Essentials certification backed by the UK’s National Cyber Security Centre.
We will be GDPR compliant by May 25th, 2018 as both a Data Controller and Data Processor under the definition of the GDPR. For further details contact firstname.lastname@example.org.
We maintain basic PCI compliance. All credit card details are handled by Recurly, Inc and Stripe, Inc. At no point do we receive or store any credit card details.
Compliance is an ongoing process and we will be adding additional certifications in the future.
We don’t re-sell or re-use your data in any way. While our staff are authorised to view the information in your database and logs when specifically required for troubleshooting, we can’t simply log in and see your data.
Support and SLAs
ProdPad is based in the UK, so our support team are available to help you during UK business hours. However, we’re a pretty responsive team, so you’ll often find us responding to your requests earlier or later than you’d expect. We also have an active Slack community for active customers, which can be a big help if you just have a question on how to use the system.
The Slack community is moderated by the ProdPad team and no member is permitted to solicit or spam other members of the community. We are a friendly bunch, so just ask!
Information Security FAQs
Application and Networks Security FAQs
Standards, policies and procedures FAQs
Q: Do you maintain policies and procedures to govern the support and maintenance of the application?
Q: Are you compliant with ISO 27001 or any other standards?
A: CreateShift Ltd maintains Cyber Essentials certification backed by the National Cyber Security Centre. We haven’t applied for ISO 27001 compliance; however, we have designed our policies and procedures around the requirements specified within that standard. Our hosting provider AWS is ISO 27001, ISO 27017 and ISO 27018 compliant. ProdPad has basic PCI compliance and does not store or receive credit card data.
Q: Do you work with third party providers?
Opting for an Enterprise plan gives you the option of a single-tenanted or even on-premise implementation.
We will also work with your procurement team throughout the evaluation process, with a comprehensive vendor assessment, including security, information security and risk assessments. You can learn more by contacting email@example.com.
Further technical information about ProdPad can be found in our Help Centre.
If you have any feedback on our approach to security, feel free to let us know via firstname.lastname@example.org.