Data Privacy & Security Summary

Yotascale has a strong commitment to information security that extends from the security team to senior levels of the organization. This is demonstrated by having implemented the following information security controls:

  • All data is stored in the United States usingĀ Amazon Web Services
  • All data is encrypted at rest using AES-256 and in-transit using at least TLS 1.2.
  • All data is backed up daily/weekly/monthly and Disaster Recovery Plan is tested/updated annually.
  • Production systems can only be remotely accessed by authorized employees possessing a valid multi-factor authentication (MFA) method.
  • Yotascale requires authentication to production datastores to use authorized secure authentication mechanisms, such as unique SSH key.
  • Yotascale prohibits confidential or sensitive customer data, by policy, from being used or stored in non-production systems/environments.
  • An infrastructure monitoring tool is utilized to monitor systems, infrastructure, and performance and generates alerts when specific predefined thresholds are met.
  • Yotascale utilizes a log management tool to identify events that may have a potential impact on Yotascale’s ability to achieve its security objectives.
  • Yotascale ensures that user access to in-scope system components is based on job role and function or requires a documented access request form and manager approval prior to access being provisioned.
  • Yotascale has a mobile device management (MDM) system in place to centrally manage mobile devices supporting the service.
  • Yotascale is working towards SOC II Type 2 in 2023.

Yotascale’s security status is monitored by Vanta: