Security Center

1. Introduction

Team365 CRM information and information systems are valuable assets and must be protected. This is achieved by implementing proper security frameworks for managing risks to Team365 CRM and ensure business continuity by preventing security incidents and reducing their potential impact.

2. Organizational Security

Policies and procedures are defined and implemented across domains and business processes. The policies are Used to test controls and to protect the confidentiality, availability and integrity of Team365 CRM information and information resources.

Employee Vetting

Each employee is vetted before they formally join the company. Team365 CRM employs external third-party vendor to accomplish background verification which includes vetting of criminal records, previous employment records if any, and educational background.

Training and awareness

Security awareness content is created and circulated within different teams to ensure that employees of Team365 CRM are aware of information security policies, emerging threats and common attack vectors. In addition to this security awareness sessions are conducted to raise awareness about the threats, security practices and company policies.

Physical Security

Team365 CRM's corporate security is responsible for protecting Team365 CRM assets in physical locations. Team365 CRM monitors the premises with CCTV cameras, back-up footage is available up to a certain period, depending on the requirements for that location. The access to the premises is granted upon use of Biometric and Keycards identification.

In case of cloud resources (like AWS, DigitalOcean, OVH ) cloud ISPs are responsible to secure the assets and maintain proper security controls.

3. Operational Security

These practices focus monitoring real time communication systems for active threats and procedures to keep information systems protected.

Logging & Monitoring

Infrastructure and applications are monitored 24X7 with proprietary and enterprise tools. We monitor internal traffic in our network, and usage of devices and terminals. We record event logs, audit logs, fault logs, administrator logs, and operator logs and these logs are analyzed for anomalies and incidents. These logs are stored securely in an isolated capacity.

Vulnerability Assessment

Team365 CRM also employs a security team to discover and address vulnerabilities within our software, as well as incentivizing our members of the broader software security community to identify and report vulnerabilities.

Backup

Team365 CRM takes database and file backups of every customer instance every day. This backup is stored on a separate server to protect against the risk of hardware failure. In the case of such a failure, data and service access can be restored within 8 hours.

Security Patches

Team365 CRM performs preventative maintenance to protect against any potential vulnerabilities by deploying patches as and when they are developed internally or otherwise become available.

4. Data Security

Data is key to the business and to maintain confidentiality, availability and integrity of the data all the time, we follow strict guidelines that revolve around our architecture, development and operations.

Engineering practices

Engineering teams follow secure coding guidelines, as well as manual review/ screening of the code before it is deployed in the production.

The secure coding guidelines are based on OWASP standards and implemented accordingly to protect against common threats and attack vectors (like SQL injection,Cross site scripting) within the application layer.

Data Isolation

Team365 CRM follows multi tenant architecture, hence every instance has their own separate space allocated to them. These instances are unaware of every other instance and hence running separately.

Encryption

In Transit

All data transferred between your browser and Team365 CRM’s servers are secured with industry standard TLS 1.2/1.3. This includes webapps, API, mobile Apps and IMAP/POP/SMTP email client access.

We have enabled secure configurations like perfect forward secrecy (PFS) and HTTP Strict Transport Security header (HSTS) to all our web traffic, this mandates browser to connect only via encrypted communication channel.

At Rest

Storage disks of all the servers are encrypted using Disk level Encryption.

Customer data using sensitive fields is encrypted using 256-bit Advanced Encryption Standard (AES), we use AWS Key Management Service (KMS) for Key management.

Backups are encrypted using AES-256 at AWS S3.

Data retention and deletion

We retain customers data as long as they are active subscribers of the service, in case of the cancellation or inactivity following rules ensures data disposal.

For trial accounts that do not start a paid subscription, data is deleted 12 days after the trial ends.

For paid accounts that are canceled, data is deleted 90 days after the account’s cancellation date.

For paid accounts that have a payment failure, the account will be suspended within 15 days, and closed after 90 days. All data will be deleted 1 week after account closure.

For free accounts, data is deleted after 60 days of account inactivity.

Billing data used for invoice generation is retained for 7 Years for business purposes.

Data Location

Team365 CRM’s servers are located in the United States, European Union (Ireland, Frankfurt), Australia, Singapore, Japan and India. The server on which your data is stored depends upon the region in which you are located at the time at which you start your free Team365 CRM trial.

5. Incident Management

Process that describes the activities of an organization to identify, analyze, and correct hazards to prevent a future re-occurrence. If not managed, an incident can escalate into an emergency, crisis or a disaster.

Reporting

Team365 CRM takes database and file backups of every customer instance every day. This backup is stored on a separate server to protect against the risk of hardware failure. In the case of such a failure, data and service access can be restored within 8 hours.

Dedicated teams are responsible to look at different incidents occurring within the environment that applies to you, we follow the mandatory actions of handling and reporting it. We track the root cause of the problem and take precautionary measures to avoid this in the future. Further measures and controls are put in place to mitigate similar situations.

Breach Notification

If a breach is discovered at the service level, Team365 CRM will alert it’s customers and the concerned authorities within 72 hours of the discovery.


Highly Rated By Both Critics And Users

rated-6
rated-2
rated-3
rated-4
rated-5

©2021 Team365 | CRM. Powered By Customer Success Technology Pvt Ltd | Privacy Policy | Terms Of Service | Security Center

Made With | Made In India India