Plandek’s business processes are built around the security requirements of our enterprise clients
Employee access to customer data
- No Plandek employees access client data unless it is necessary to support the service or to resolve an incident. We also respect the privacy of our customers, so when it is necessary to access client data in Plandek, we will only view the minimum amount of data necessary to resolve the issue.
- Plandek limits the number of employees who have the ability to access customer data or production infrastructure to the minimum necessary to maintain and run the systems.
- Plandek requires that employees with access to customer data are based in the EEA. All employees are also vetted before employment commences, and all contracts contain confidentiality clauses.
Employee systems access
All access to internal systems and tools is possible only through either a VPN or Google Cloud Identity-Aware Proxy, and all employee devices are encrypted. We also mandate strong passwords and 2FA for employee accounts.
Plandek supports authentication via Auth0, either with a username and password or via your own single sign-on service. Our authentication system is built using Auth0. You can read more about Auth0’s security here: https://auth0.com/security. Plandek supports fine-grained, role-based authentication.
Protection of your access credentials
All access credentials which we hold are encrypted with Google Key Management Service.
Backups and Disaster Recovery
Plandek infrastructure covers multiple availability zones, and our databases are backed up and tested automatically every day.
Plandek has a comprehensive and robust incident response plan for handling security incidents, from identification through rapid mitigation to the post-mortem process.
Reporting an issue
If clients believe that they have identified a security issue, they can contact email@example.com, and the team will be in touch (within a tight SLA) to learn more about it and work with the client to reproduce and resolve the issue.