You trust Productable to help your team reduce the risk of failed investments, speed up capability development, and make better innovation investments. Our most important job is to keep your data safe along the way.
Productable undergoes regular penetration tests, practices zero trust philosophy, Least Access, and utilizes industry best-practice for encryption at rest and in transit.
Productable leverages the knowledge and skillset of Whitehat Hackers and Security Professionals to constantly test the security of our website and applications.
Productable is committed to ensuring that Customer Data is not seen by anyone who should not have access to it. We have audited controls and policies that govern our employees’ access to production systems.
Productable uses Amazon GovCloud Web Services (AWS) for the hosting of our services. AWS data centers are monitored by 24×7 security, biometric scanning, video surveillance and are SOC 1, SOC 2, and SOC 3 certified.
All Customer Data is encrypted both at rest and in transit. Services are reachable exclusively via HTTPS with TLS 1.2 or higher. We are careful to make sure no resources are loaded from plain HTTP sites.
Production servers and databases are hosted in a dedicated VPC within GovCloud and are not publicly accessible. All servers are configured with two-factor authentication and all unnecessary ports are blocked by AWS Security Groups.
Productable's databases operate in multiple availability zones and have several layers of backup and replication. Primary databases have automatic backups, with point in time recovery, and additional snapshots taken every hours and stored in a second region.
Internal processes keeps our services and applications up to date and free of vulnerabilities. Breaches will be reported within 72 hours (48 hours for Enterprise customers), externally reported vulnerabilities will be fixed ASAP.
