Time to innovate
One of the fruits of being self-funded is the time for extreme innovation. Over the years, we've developed extensive proprietary technology to support the complex needs of our clients. In fact, all of our products today are built on a unique isomorphic paradigm in which much of an application's logic can be run directly in the web browser, enabling even the most computationally intense operations to be performed at blazing fast speeds.
Security
Rotunda Software takes every measure to ensure that your data remains completely secure, both when it is stored on Rotunda's cloud servers and when that data is in transmission to and from those servers.
Cloud Server Security
Rotunda's web servers are housed in the secure data centers of Amazon Web Services (AWS). AWS has achieved ISO 27001 certification and has successfully completed multiple SAS70 Type II security audits. The U.S. government has awarded AWS an approval to operate at the FISMA-Low level, which means that government agencies operating on AWS infrastructure can achieve compliance with the Federal Information Security Management Act (FISMA). Additionally, AWS customers have built healthcare applications compliant with HIPAA's Security and Privacy Rules on AWS. Detailed information on AWS's security and compliance is available directly from Amazon.
Data in Transmission
All communication between client software and Rotunda's cloud servers is encrypted with the government-approved 128-bit AES algorithm. This is the same encryption technology used to protect your financial information when you access your bank account online. Also, when volunteers access their schedules, the connection between their web browser and the Rotunda server is SSL-enabled; SSL is the industry-standard technology used to encrypt sensitive data.
PCI Compliance & Credit Card Info
Rotunda is certified as compliant with the Payment Card Industry Data Security Standard, a set of requirements designed to ensure that companies that process credit card information maintain a secure environment. All software payments are processed through the industry-standard authorize.net. We do not store credit card numbers or security codes in our infrastructure. Instead, we leverage authorize.net's Customer Information Manager service to store credit card information on authorize.net's ultra-secure servers. As a result, there is no possibility that credit card information would be compromised in the very unlikely event of a security breach of our database.
Security Audit
Redspin, Inc., a leading provider of penetration testing services and IT security audits, completed their most recent security audit of Rotunda Software, LLC in May 2019. After a thorough audit of our external network, application services, and validation services, Redspin, Inc. concluded: "Our assessments provide a reasonable basis for determining overall security risk. Rotunda Software, LLC employs an above-average level of security controls on their application, and the overall security posture of Rotunda Software appears to be well above industry average."