RecordPoint is committed to helping keep customer data secure, maintain privacy and meet compliance regulations, while providing high service availability. We have risk-based information security and privacy controls and a compliance framework to ensure that our infrastructure meets our commitments while helping customers meet their complex compliance requirements.
RecordPoint has rigorous internal polices and a training program relating to physical security standards, change management and security notifications, problem management and operational monitoring including system backup and logical security.
RecordPoint currently holds a SOC 2 Type 2 attestation report from an independent auditor for the following trust principles:
RecordPoint is committed to renewing the SOC 2 Type 2 attestation report with an independent auditor on an annual basis to ensure that systems are being operated and managed in a way that adheres to the three trust principles above.
The Records365 service is delivered on Microsoft Azure. This platform provides many of the underlying infrastructure, security, networking and management services that support the application workloads.
All Records365 data centres are audited against SSAE 16, SOC 1 and SOC 2.
For large or sensitive customers, the Records365 service may be optionally single-tenanted. In this scenario, each instance is only assigned to a single customer (at additional cost).
Typical security measures include:
TLS is used for client access traffic. This helps prevent spoofing, impersonation and provides confidentiality for messages in transit.