Trust Center

At PortX, our customers’ trust is paramount. That’s why we take a layered approach to security, incorporating best practices at every level of our service, from in-house measures to our choice of sub-service organizations. This page offers insight into the security measures we use to keep your information safe. If you have additional questions, please contact us at [email protected].

Certifications and Affirmations

PortX is dedicated to upholding the confidentiality, integrity, and availability of the data entrusted to our care. We prioritize ensuring the security of both your data and our systems. Information security remains paramount and receives unwavering support from our top leadership. Our information security management framework is constantly evolving to align with premier security standards. Both internal and external audits routinely assess our security controls.

[Image: AICPA SOC logo]

Data

Our operations revolve around a diverse array of data types, including:

  • Customer Data – All the essential information related to our clients.
  • Production Data – Pertaining to our operational processes and product lines.
  • Employee Data – Information about our dedicated team members.
  • Internal Data – Core data utilized for internal functions and decision-making.
  • Transaction Data – Detailed records of all transactions carried out.
  • System Files – Core files that run our intricate systems.
  • Error Logs – Essential for continuous improvement and troubleshooting.
  • Payment Data – Secured information concerning financial transactions.
  • Authentication Information – Used to verify the identities of users and systems.
  • Account Balance Information – Financial data related to account standings.
  • Source Code – The backbone of our software solutions.
  • Intellectual Property – Original creations and innovations by PortX.

How Do We Handle Your Data?

Integrity and Compliance

We handle all data, regardless of its type, in compliance with all pertinent legal, regulatory, and contractual requirements. We don’t hold onto data any longer than necessary.

Protection Based on Classification

We ensure that data sensitivity, confidentiality, integrity, and availability are protected based on the customer’s security classification. This means that your data remains secure and retrievable as per your business needs without compromising on any legal or regulatory standards.

Our Data Classification System

To further bolster our commitment to data security, we follow a stringent data classification policy:

  1. Public – Data that is open and available to the general public.
  2. Internal – Information that is used within PortX but isn’t disclosed publicly.
  3. Company Confidential – Vital information that is pivotal to the operations and strategies of PortX and is protected from unauthorized disclosure.
  4. Customer Confidential – Information provided by our customers that demands the highest level of security and confidentiality.

By classifying our data, we can apply specific protection measures tailored to the nature and sensitivity of the data.

IT Policies and Procedures

We follow a suite of formal IT policies and procedures encompassing:

  • Physical security
  • Logical access
  • Computer operations
  • Change control
  • Data communications

All teams at PortX are mandated to abide by these protocols and deliver services with utmost safety. For transparency, our procedures are available on the company’s intranet for every team member to access.

Physical Security

Our data resides with Amazon Web Services (AWS). PortX team members do not have physical access to AWS data centers, ensuring an added layer of security. Learn more about AWS data center controls here.

Logical Access: Identification and Authentication

Personal User Accounts

Everyone accessing PortX’s IT resources, including employees and external partners, is assigned a unique identifier. This uniformity ensures accountability across platforms. Generic user IDs for regular use are strictly prohibited, and any activity under a user’s account is their sole responsibility.

Temporary Accounts & External Users

Occasionally, we establish temporary accounts for short-term contractors, guests, or auditors. We provision these accounts with rigorous role-based security and apply minimum access standards.

Generic and Service Accounts

These accounts are strictly controlled and primarily serve as emergency or system-interaction accounts. Only specific teams, like the IT staff and Incident Response team, can access privileged and emergency accounts. These accounts undergo strict logging and control measures.

Quarterly Access Reviews

Our Security Compliance Team carries out periodic access reviews, ensuring unused or inappropriate access is terminated promptly.

Computer Operations

Backups

PortX ensures daily backups of all databases. Our team reviews the backup policy yearly. While backups of employee endpoints aren’t maintained due to our reliance on cloud services, our engineering team routinely tests the backups for reliability.

Availability

We utilize dedicated Slack channels to address security incidents promptly. In addition, every team has an email alias, ensuring constant communication. High-importance incidents warrant a retrospective meeting and appropriate follow-ups.

Change Control

Our software undergoes rigorous change control processes. Developers work on localized code branches, making our system resilient to unintended changes. Any modifications undergo peer reviews and automated checks before merging into the master branch. This thorough approach ensures our software remains robust and trustworthy.

Data Communications

Firewall Systems

To filter unauthorized traffic, we utilize firewall systems and network address translation. Admin access to these firewalls is stringently limited to specific employees.

Redundancy

Our infrastructure is designed with redundancy to eliminate single points of failure, ensuring consistent uptime.

Penetration Tests

We engage third-party vendors for penetration testing, following standard methodologies to identify and address vulnerabilities. This is complemented by continuous vulnerability scanning using industry-standard tools.

Learn more about our commitment to security

Explore our comprehensive collection of legal documents. This includes our Privacy Policy, Master Services Agreement (MSA), Support and Maintenance Terms, Data Protection Policy, and other pertinent policies and agreements.