— How/where is your application hosted?
The RiskGenius application is hosted using Amazon Web Services (AWS)
— Do you perform regular backups?
Yes. The database is backed up nightly and application servers are backup weekly during scheduled outages.
— Which application architecture, platforms and systems are used to collect, store, and utilize customer data (application platform, application servers in use, database platform and design, etc)?
- Application Server: Tomcat
- Web Server: Apache
- Database Platform: Postgres
— How often are these systems patched?
The systems are patched weekly.
— How is customer data protected (authenticated and encrypted) in transit?
RiskGenius uses HTTPS for all network communications.
— How are user credentials/data stored and protected?
User credentials are stored in our AES 256 encrypted Postgres database.
— Is there a role-based structure that is used to authorize access to the application?
Not at this time. Access to the application is obtained through RiskGenius Support.
— How are user authorizations/roles configured and maintained?
Administrators may configure and maintain authorizations/roles for users.
— What sort of security and training policies do you have in place for RiskGenius employees?
RiskGenius conducts periodic training or sends periodic security reminders to assure that all employees and contractors understand the security policies, and that the consequence of violation of them is immediate termination.