The safety and security of your data and information is always a top priority for us. In this article we’d like to review our security considerations so you can better understand our commitment to best practices, policies and procedures.
System and Organization Controls (SOC)
AutoQuotes successfully completed its SOC 2 Type 1 examination in May 2017 and has received its report. The examination was conducted by an independent CPA firm. As a publisher or subscriber to AutoQuotes, this means that you can be confident in the secure, trustworthy controls we have in place as a SaaS provider.
Passwords and user authentication
AutoQuotes provides access to the AQ application via a username and password login through a secure channel. For other AutoQuotes products, we provide a securely generated API key. In November 2017, we implemented a blanket password reset. Our password policy now mandates at least eight characters containing letters, numbers, mixed cases and special symbols. For more security that is aligned with best practices, we recommend using “passphrases” with a minimum 20 characters. Passphrases are much harder to hack than a single password, even if the single password contains multiple mixed cases and symbols.
Network protection and monitoring
AutoQuotes uses layers of controls for network protection, including firewalls, intrusion protection systems and network segregation. These multiple layers protect unauthorized access to and within our networks. We continuously monitor security systems, notifications and alerts to identify and manage threats. We are confident that we have minimized our public exposure to the internet.
Storage / Secure data centers
AutoQuotes’ servers are in enterprise-grade hosting facilities that use strict security controls to prevent physical access. This includes 24/7/365 on-site security staff and site monitoring. We maintain multiple data replicas and hosting environments in different locations to minimize the risk of data loss, downtime or power outages.
For reliable uptime, AutoQuotes utilizes layering strategies such as load balancing, task queues, and rolling deployments. All servers that run AQ software in production are IBM Cloud systems, which we have found to be fast and reliable, with minimal issues.
Data encryption and storage
Your information is encrypted, stored and protected on secure servers. We encrypt all data that goes between you and the AQ application using industry-standard Transport Layer Security (TLS). TLS provides privacy and data integrity between communicating applications and prevents unauthorized reading of data during transport.
If you have any questions or concerns about security, please contact us. You can reach our Customer Support department at (866) 452-8324 or firstname.lastname@example.org. Support is available Monday through Friday from 8 a.m. to 6 p.m. ET. After-hours emergency support is available Monday through Friday from 6 p.m. to 8 p.m. ET, and Saturday and Sunday from 8 a.m. to 8 p.m. ET.