CLEVVA conforms to international best practice data security standards and has employed the relevant security layers, systems, policies, procedures and mechanisms to mitigate accessibility and data risk.
To ensure our cloud services provide you with the necessary security, CLEVVA has chosen Hetzner as our hosting provider for our multi-tenanted cloud offering. Hetzner provides servers both with South Africa and Europe. For more detail on our hosting service provider, refer to the links on the right.
From a data security perspective, CLEVVA mitigates the risk of data breaches in the following way:
1. Tightly controlled super user access system.
2. Timorously applied security related server software updates.
3. Web Application Firewall (WAF)
4. Strict Password Requirements and Controls:
– Must include at least one number
– Must include at least one CAPS and include at least one symbol
– Cannot be reused within 12 password change cycles
– Password is never shared via email. User sets the password during activation.
– Password reset every 60 days
– 128bit SSL Encryption.
– IP Address Based Access Restriction.
– Prepared Statements, Protection from SQL Injection Attacks
CLEVVA mitigates the risk of Data Loss in the following way:
– Data is backup up nightly on a 14 day rolling cycle.
– Backups are stored in two different locations 1500km from each other.
– The hosting facilities have fire detection through Very Early Smoke Detection Apparatus (VESDA).
– 24/7 security presence with CCTV camera surveillance.
– Biometric access is installed on all access points.
– A high voltage electric fence provides perimeter security.
– Fully redundant, physically separated A+B feeds provide power to the hosting facility.
– A single utility power feed can be disconnected without interruption to service.
– UPS backup and a standby generator on each feed provides further resilience.
CLEVVA mitigates the risk of Insecure Interfaces in the following ways:
Access to API Methods is controlled by an apitoken param and is required by all methods for authentication. This apitoken is unique to the api user, and will be provided by Clevva.
API Method Calls are monitored and specific methods are restricted to outside of business hours.
CLEVVA mitigates the risk of Malicious Insiders in the following ways:
Tightly controlled super user access system.
Passwords need to reset every 60 days.