Data security at Rotunda Software
In a time when data and security breaches are happening at an alarming rate, data security has never been more critical. While some companies tout their security measures merely as a platitude, Rotunda Software places the safety and security of our data as one of our top priorities. We are concerned not only with the security of our data and the data entrusted to us by our customers, but also with the security of the technology providers that we partner with.
Here are four valuable questions to ask when evaluating any company’s security protocols, and how Rotunda Software approaches each.
Who has access to my payment information?
As part of our commitment to Payment Card Industry Data Security Standards (PCI DSS) compliance, we partner with Authorize.Net, one of the largest payment gateways available, to store sensitive payment information and process payments for returning customers and recurring transactions. This protects our customers’ confidential information and gives our customers the convenience of not having to re-enter their personal data every time they renew a software license. We do not store any credit card numbers or security codes within our own infrastructure. As a result, there is no possibility that your credit card information can be accessed in the very unlikely event that there is a security breach of our database.
What security certifications have been performed?
In May 2019, Rotunda Software brought in Redspin, a leading provider of penetration testing services and IT security audits, to complete a thorough audit of our external network, application services, and validation services. John Nye, Redspin’s Senior Director, concluded that “Rotunda Software, LLC employs an above-average level of security controls on their application, and the overall security posture of Rotunda Software appears to be well above industry average.”
Where is data stored, and is it physically secure?
Rotunda Software’s web servers are housed with Amazon Web Services (AWS), a cloud infrastructure platform that powers hundreds of thousands of businesses in countries around the world. AWS services and data centers have multiple layers of operational and physical security to ensure the integrity and safety of your data. Your information, and the information of your volunteers, is never shared or sold, and access is limited only to key internal personnel.
How is data encrypted when being relayed through the public internet?
All communication between your client software and our cloud servers is encrypted with government-approved 128-bit AES encryption, which is the same encryption used to protect your financial information when you access your bank account online. Also, when volunteers access their schedules, the connection between their web browser and the Rotunda Software server is SSL-enabled; SSL is an industry-standard technology used to encrypt sensitive data.