All customer data in PartnerTap is hosted exclusively on the world-class cloud infrastructure of AWS and Azure. An independent audit confirmed that the security offered by these platforms go far beyond what most companies have been able to achieve on their own. In addition to the latest technologies, world-class security requires ongoing adherence to best-practice policies. To ensure this adherence we follow SOC2 compliance best practices including independent audits and third-party penetration testing.
Application Level Security
We protect your data by ensuring that only authorized users can access it. Administrators assign roles that determine which data users can access. All data is encrypted in transfer. All access is governed by strict authentication and authorization security policies. Passwords are never stored within PartnerTap. Applications are continually monitored for security violation attempts.
Protection at the Network Level
Multi-tenant systems ensure there is no asset overlap between QA, Stage and Production environments. Each tenant resides in its own private network with isolated data, storage, and compute resources. The only components with a public IP address are the load balancers and VPN servers. Load balancers are protected by a network security group that only allows connections over the secure 443 port. All VM disks are encrypted. PartnerTap personnel access the infrastructure for deployments and maintenance via MFA protected VPN.
HR Policies & Training
All PartnerTap employees must pass a background check and onboarding process that includes security training before beginning work. Engineers must take a more in-depth training that outlines code change policies, code review policies, vulnerability detection and security best practices.
Secure & Scaled
Many PartnerTap customers are global corporations from industries where security and data privacy are particularly critical, such as human capital technology. We allow our customers to administer control over data introduced to PartnerTap through processes to block sensitive records. We also provide a cloaking mechanism for companies so they do not appear in PartnerTap when searched for outside of their designated ecosystem.
We recognize that you will have additional questions about security, beyond the basics covered here. Please contact firstname.lastname@example.org for more information about the policies, practices and technologies in place to protect your data.