Displayr has achieved SOC 2 Type I compliance in accordance with the American Institute of Certified Public Accountants (AICPA) standard for SOC for Service Organizations, also known as SSAE 18. Displayr was assessed against the AICPA Trust Services Criteria for Security, Confidentiality and Availability. Achieving this standard with an unqualified opinion provides independent third-party validation that Displayr applies enterprise-level security controls to customers' data stored in Displayr. A Type I report attests that the controls were suitably designed and in place at a point in time; the operating effectiveness of those controls over a review period is the subject of a Type II report.
Important Information
- Authors of Displayr documents must have a unique username and password, which must be entered when the user logs on.
- Passwords are stored only as one-way (irreversible) hashes, so the original password cannot be recovered from the stored value.
- Cookies are used to store session information in each user's web browser. The cookies do not contain the user's username or password.
- Transport Layer Security (TLS) protects user information and uploaded data in transit. TLS provides both server authentication (the client verifies that it is talking to Displayr's server) and encryption of the data exchanged, so that data in transit cannot be read or altered by third parties.
- User data uploaded to a dashboard, and our backups of that data, are encrypted at rest.
- Passwords and credit card details are always transmitted over TLS connections (often still referred to as SSL) with 128-bit encryption.
- Our procedures for managing payments and account information are PCI-DSS compliant.
- Credit card information is never processed, stored or transmitted by our servers. It is handled directly by PCI-DSS compliant third-party payment processors.
- Displayr runs in data centers managed and operated by Microsoft. These geographically dispersed data centers comply with key industry standards for security and reliability, such as ISO/IEC 27001:2013. More information is available from Microsoft.
- The latest patches are automatically applied to our public-facing servers.
- Security policies and software restrictions are in place to:
  - Prevent unauthorised persons from gaining access to our systems and underlying data.
  - Limit the access of authorised persons to only the data they require in the course of their role.
  - Ensure only specially authorised persons are able to modify access rights to our systems.
  - Protect against the accidental deletion of important data.
- Procedures are in place to ensure:
  - Data storage media are destroyed or wiped before a system is disposed of.
  - All new employees are made aware of our security policies and their relevant responsibilities.
  - All employees leaving the company have their access rights to our systems revoked immediately.
Scanning
A penetration test of https://app.displayr.com/ is conducted annually by a trusted third party using methodologies built on internationally recognized standards.
To supplement this annual test, https://app.displayr.com/ is also scanned quarterly by a third-party Approved Scanning Vendor (ASV), as required by the Payment Card Industry Data Security Standard (PCI DSS).
Reporting vulnerabilities/security incidents
Vulnerabilities and applicable security incidents should be reported to security@displayr.com. This address is monitored by our developers.
What we do if there is a security breach
- Attempt to notify affected users electronically in a timely manner.
- Review our policies and procedures to mitigate the risk, and limit the effect, of a similar breach in future.
Next
Security and R contains information about the security of R calculations.