Social Solutions Global, Inc. (“SSG”) takes comprehensive measures to ensure that data is kept safe, confidential and recoverable in the case of a disaster. Social Solutions’ office sits behind a firewall which extensively controls, tracks, and reports access to our internal infrastructure. Our software meets current required HIPAA standards.

Data Security

Apricot® uses user names and passwords to prevent unauthorized access and to restrict user access within the application. Each unique user account is assigned access to programs and permission sets to restrict access to data and features in the system. Customer data is housed in one of the three locations (CA, U.S., or AUS) based on the location of the client. Data is stored using redundant hardware technologies and SSG fault-tolerant software and journaling file systems.

Encryption

Social Solutions uses state-of-the-art equipment and technology to safeguard the confidential nature of your data. Your data is automatically encrypted while in transit between your computer and our servers as well as while in the database. Social Solutions uses the largest commercially available SSL cipher key size of 2048 bits. Users access Apricot® software web application servers via secure HTTPS connection.

Server Security

Each of our servers is individually governed by a system that is designed to prevent unexpected Internet data from being processed by our server software. IDS, virus scanning, automated system checks, and remote logging guard against unauthorized access. Our data centers are secured by electronic surveillance and multi-factor access control systems. Data centers are staffed 24x7 by trained security guards, and access must be strictly authorized. Multiple availability zones allow Apricot® to remain resilient in the face of most failure modes, including natural disasters or system failures. In case of a disaster in our main region, Social Solutions will have Apricot® up and running in a backup region within 24 to 48 hours.

Redundant Infrastructure and Backups

  • 24/7/365 monitoring of up-time across the infrastructure
  • Redundant water, power, telecommunications, and internet connectivity to maintain continuous operations 
  • Uninterrupted power supply to reduce possible service outages

Retention Policy

  • Keep daily backups for 12 months 
  • Keep weekly backups for 6 weeks

Compliance

  • SOC 1/SSAE 16/ISAE 3402 (formerly SAS70)
  • SOC 2
  • SOC 3
  • PCI DSS Level 1 
  • ISO 27001

Additional resources available here and here

Passwords

  • can be set to have a minimum length
  • can be set to contain non-alphanumeric characters
  • can be set to expire
  • can be locked after a set number of invalid login attempts
  • can be changed by a local administrator
  • are not displayed upon entry and are encrypted