In a word, YES!
From owning, storing, transferring, accessing, backing up, monitoring, and testing & reviewing our security procedures - all aspects are covered to meet industry standards and legal compliance regulations.
We have preempted a lot of security concerns you may have. Please run through the following list of questions and don't hesitate to contact us with any other queries you may have.
1. WHO OWNS OUR DATA?
You are the owners of your data and you are ultimately responsible for it.
This means that we do everything that is technically possible to protect it, we don't share it, we don't sell it, and it is used solely by you for the express purpose of helping you manage your business. We believe your business is your business and should remain so.
2. WHERE AND HOW IS OUR DATA STORED?
All your data is stored using Amazon Web Services (AWS), one of the world's leading Cloud Based Suppliers. AWS is used by millions of businesses from Airbnb, to Capital One and Netflix.
The data is stored in Ireland to meet all European regulations and is physically secured by trained and audited Security staff around the clock, 365 days a year.
3. IS THE TRANSFER OF MY DATA SECURE?
Yes. Your data is transferred with high-grade TLS 1.2 (HTTPS) technology. This is an industry-standard technology and is used by everybody from Google to international banks.
We also take the precaution of limiting the duration of bob sessions and will automatically log you out of bob after two idle hours. We only use secure cookies (which don’t store any personal information locally).
4. WHO CAN ACCESS MY DATA?
Only you and a small number of authorised bob personnel can access your data. Any bob team member doing so will be performing specific (audited) tasks on your request via our support desk. Access to all sensitive data requires two-factor authentication by these personnel.
5. IS MY DATA BACKED UP?
Our data centres back up your data multiple times a day and your data is fully restored within minutes in the unlikely event of a problem.
6. HOW DO YOU MONITOR ACTIVITY ON THE SITE?
We keep an audit log of all activity on system data, and in each User Card, you will be able to see a log of all changes made to that card.
7. HOW DO YOU TEST AND REVIEW YOUR SECURITY SO THAT IT IS ALWAYS UP TO SCRATCH?
Our site and API undergo independent, ongoing third-party penetration testing, security scans, threat detection and black box assessment.
8. DO YOU MEET ALL LEGAL AND DATA PROTECTION COMPLIANCES?
Yes, we are registered with the ICO (Information Commissioner's Office) and continually monitor all aspects of policy with regard to data protection.
9. SOME QUESTIONS YOUR IT DEPARTMENT MAY ASK:
9.1 WHO OWNS THE ENCRYPTION KEY & DO YOU HAVE ACCESS TO IT?
As in most SaaS companies (e.g. Google, Skype, Slack), the encryption key is owned and managed by the supplier (i.e. bob).
9.2 IF YOU’RE HOSTING MULTIPLE TENANTS WITHIN YOUR CLOUD INFRASTRUCTURE, WHAT SECURITY MEASURES PREVENT ONE CUSTOMER ACCESSING ANOTHER CUSTOMER’S DATA? IS OUR DATA SEGREGATED FROM OTHER CUSTOMERS?
Following industry standards, each piece of data stored is associated with a tenant ID. All access to data is enforced to use a tenant ID key.
Data is logically divided. If the information is stored on disk then every client has its own folder; if data is stored in a database then access to the data is strictly enforced to use the tenant identifier, so there's no leakage between clients.
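For IT teams evaluating this answer, the following is an added illustration of tenant-ID enforcement for both database rows and on-disk folders. It is not bob's own code; the class, table, tenant names and the /srv/data root are all hypothetical.

```python
import sqlite3
from pathlib import Path

class TenantStore:
    """Data-access wrapper bound to exactly one tenant ID (hypothetical design)."""

    def __init__(self, conn, tenant_id, files_root):
        if not tenant_id.isalnum():
            raise ValueError("tenant ID must be alphanumeric")
        self._conn = conn
        self._tenant_id = tenant_id
        # Every tenant has its own folder under the shared root.
        self._folder = (Path(files_root) / tenant_id).resolve()

    def add_record(self, name):
        cur = self._conn.execute(
            "INSERT INTO records (tenant_id, name) VALUES (?, ?)",
            (self._tenant_id, name))
        return cur.lastrowid

    def get_record(self, record_id):
        # The tenant filter is added here and is never supplied by the caller,
        # so a valid row ID from another tenant returns nothing.
        row = self._conn.execute(
            "SELECT name FROM records WHERE id = ? AND tenant_id = ?",
            (record_id, self._tenant_id)).fetchone()
        return row[0] if row else None

    def file_path(self, relative_name):
        # Resolve "..", absolute paths and symlinks, then refuse anything
        # that ends up outside this tenant's folder.
        candidate = (self._folder / relative_name).resolve()
        if not candidate.is_relative_to(self._folder):
            raise PermissionError("path escapes tenant folder")
        return candidate

def demo():
    """Constructed sample data: two tenants sharing one table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE records ("
                 "id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, name TEXT)")
    acme = TenantStore(conn, "acme", "/srv/data")
    globex = TenantStore(conn, "globex", "/srv/data")
    rid = acme.add_record("payroll-2024")
    # The owner reads the row; the other tenant gets None for the same ID.
    return acme.get_record(rid), globex.get_record(rid)

if __name__ == "__main__":
    print(demo())
```

A useful review question for any multi-tenant supplier is whether the tenant filter lives in one shared layer like this or is repeated by hand in each query.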
10. WILL I SLEEP SOUNDLY?
That depends on what your neighbours are like, but what we do know is that data should be the least of your worries.
Using bob means that your data is stored in an infinitely more secure environment than data stored in unprotected spreadsheets and saved on ageing servers in company IT rooms.