At PortX, our customers’ trust is paramount. That’s why we’ve integrated security at every level of our service. Leveraging a layered approach to security, we incorporate best practices at every level, from in-house measures to our choice of sub-service organizations. This page offers insight into our security measures to keep your information safe. If you have additional questions, please contact us at [email protected].
PortX is dedicated to upholding the confidentiality, integrity, and availability of the data entrusted to our care. We prioritize ensuring the security of both your data and our systems. Information security remains paramount and receives unwavering support from our top leadership. Our information security management framework is constantly evolving to align with premier security standards. Both internal and external audits routinely assess our security controls.
Our operations revolve around a diverse array of data types, including:
Data, regardless of its type, is fully compliant with all pertinent legal, regulatory, and contractual requirements. We don’t hold onto data any longer than necessary.
We ensure that data sensitivity, confidentiality, integrity, and availability are protected based on the customer’s security classification. This means that your data remains secure and retrievable as per your business needs without compromising on any legal or regulatory standards.
To further bolster our commitment to data security, we follow a stringent data classification policy:
By classifying our data, we can apply specific protection measures tailored to the nature and sensitivity of the data.
We follow a suite of formal IT policies and procedures encompassing:
All teams at PortX are mandated to abide by these protocols and deliver services with utmost safety. For transparency, our procedures are available on the company’s intranet for every team member to access.
Our data resides with Amazon Web Services (AWS). PortX team members do not have physical access to AWS data centers, ensuring an added layer of security. Learn more about AWS data center controls here.
Everyone accessing PortX’s IT resources, including employees and external partners, is assigned a unique identifier. This uniformity ensures accountability across platforms. Generic user IDs for regular use are strictly prohibited, and any activity under a user’s account is their sole responsibility.
Occasionally, we establish temporary accounts for short-term contractors, guests, or auditors. We provision these accounts with rigorous role-based security and apply minimum access standards.
These accounts are strictly controlled and primarily serve as emergency or system-interaction accounts. Only specific teams, like the IT staff and Incident Response team, can access privileged and emergency accounts. These accounts undergo strict logging and control measures.
Our Security Compliance Team carries out periodic access reviews, ensuring unused or inappropriate access is terminated promptly.
PortX ensures daily backups of all databases. Our team reviews the backup policy yearly. While backups of employee endpoints aren’t maintained due to our reliance on cloud services, our engineering team routinely tests the backups for reliability.
We utilize dedicated Slack channels to address security incidents promptly. In addition, every team has an email alias, ensuring constant communication. High-importance incidents warrant a retrospective meeting and appropriate follow-ups.
Our software undergoes rigorous change control processes. Developers work on localized code branches, making our system resilient to unintended changes. Any modifications undergo peer reviews and automated checks before merging into the master branch. This thorough approach ensures our software remains robust and trustworthy.
To filter unauthorized traffic, we utilize firewall systems and network address translation. Admin access to these firewalls is stringently limited to specific employees.
Our infrastructure is designed with redundancy to eliminate single points of failure, ensuring consistent uptime.
We engage third-party vendors for penetration testing, following standard methodologies to identify and address vulnerabilities. This is complemented by continuous vulnerability scanning using industry-standard tools.
Explore our comprehensive collection of legal documents. This includes our Privacy Policy, Master Services Agreement (MSA), Support and Maintenance Terms, Data Protection Policy, and other pertinent policies and agreements.
Explore PortX’s Documentation
