Process PA is committed to implementing proven best practices for creating secure applications
Process PA is hosted on Microsoft’s world-class cloud-hosting platform Azure. Its cloud-based technology is used throughout our development process to ensure security through data access, in transmission and in storage while employing data loss protection methods.
Access to databases and file storage is only accessible to internal Azure services and an explicit white list of computers for support and management. Access control levels are set to explicit for authorized management users. Any other attempts to access the data from different computers or users is blocked. Firewall rules are used by both the server and the database to reject connection attempts from IP addresses that have not been explicitly whitelisted.
End users have access to their own data at anytime through the web application.
Data in transmission
All connections to Web Application and the Database require encryption (SSL) at all times while data is “in transit” to and from the web application or database. Transport-level encryption, HTTPS, which allows data to be transferred in an encrypted form known as Secure Sockets Layers (SSL), is employed for all data transmissions.
Data in storage
Customer data is stored in a database that employs data encryption to help protect against the threat of malicious activity by performing real-time encryption and decryption of the database, associated backups, and transaction log files at rest. See Transparent Data Encryption for more information. Transparent Data Encryption protects your data and helps meet compliance requirements by encrypting your database, associated backups, and transaction log files at rest.
Data loss protection
The data is on continuous backups and distributed across multiple servers and data centers to prevent loss in disaster scenarios.
To read more about Microsoft Azure Security please visit the Microsoft Trust Center.
Microsoft provides the widest range of certifications to comply with national, regional and industry-specific requirements governing the collection and use of individuals’ data. Read more at the Microsoft Trust Center // Compliance.