As AGS continues to grow, enterprises, governments, corporations, agencies, and small-mid-large companies are ramping up their subscriptions to our industry standard, out-of-the-box, and best-in-class Cloud change management toolkits, and asking for information about our security practices.
This page aims to cover these questions. Email us if you have any additional questions.
When using a Cloud based SaaS (Software as a Service) platform, key questions (or concerns) that organizations have is what securities does the Cloud based platform have in place to ensure consumer and organizational data is protected.
This is a common question that all Cloud platforms receive including platforms like Oracle, Salesforce, Microsoft SharePoint, SAP, ServiceNow, Workday, Slack, Box, Dropbox, and many more, including AGS.
See below for highlights on AGS’ security processes, policies, and controls.
Policies and Procedures
AGS uses a variety of methods to ensure that your organizational data that is entered into our platform is safe, secure, and available only to registered users in your organization.
Our operational policies ensure that we provide all our AGS team members with the necessary practices to build upon the strong foundations of their security onboarding. We utilize these policies daily and review them regularly.
AGS has implemented the following internal policies:
- Information Security Policy
- Access Control Policy
- Backup Policy
- Change Management
- Data Classification Policy
- Data Protection Impact Assessment (DPIA) Policy
- Data Protection Policy
- Data Retention Policy
- Disaster Recovery
- Security Risk Management & Governance
- Third-Party Risk Assessment Process
Security is at the forefront of AGS’ development mindset. We’ve built both internal and external security checkpoints into the AGS application development pipeline.
Our Engineering team embraces the culture of peer-review, ensuring that our coding guidelines are followed and maintained. We validate our deployments with regular ongoing security assessments, conducted with industry-leading external vendors.
We strive to have a long-term architectural vision for our application security that is continuously evolving. As we build new features for our product, we identify reasonable opportunities to further this vision in iterations, while maintaining a conscious security mindset.
AGS Data Backups
At AGS we use Database replication to keep your data safe in the case of system failure. Full database backups are taken every day, stored on safe locations, and kept for seven days as an electronic copy. In case two or more database nodes would fail concurrently we would have to revert to a backup.
Data backup does not apply to visitor visitations to our sites. We only back up consumer data (templates & dashboards).
Data Privacy and Security
AGS utilizes some of the most advanced technology for Internet security available today.
When you access our site using a supported web browser, Secure Socket Layer (SSL) technology protects your information using both server authentication and data encryption. When you log in and access any page on your account, you will see a small lock icon at the top left section – to the left of the page’s URL – indicating that a secure connection has been established to our server.
AGS provides each user in your organization with a unique username and password that must be entered each time a user logs in. AGS issues a session “cookie” only to record encrypted authentication information for the duration of a specific session.
The session “cookie” does not include either the username or password of the user.
AGS does not use “cookies” to store other confidential user and session information, but instead implements more advanced security methods based on dynamic data and encoded session IDs.
Secured Environment and Firewalls
In addition, AGS is hosted in a secure server environment that uses a firewall and other advanced technology to prevent interference or access from outside intruders. Customer Data is stored on a primary database server with multiple active clusters for higher availability.
Customer Data is stored on highly redundant carrier-class disk storage and multiple data paths to ensure reliability and performance. Backups are verified for integrity and stored in the same data centers as their instance.
Using your AGS account you can export or generate backup files of your data on a daily, weekly or monthly basis depending on your edition. You can export all your organization’s data into a set of comma-separated values (CSV) Excel files, as well as restoring your data as needed from a previous backup.
For further details, please refer to the following:
- Ability to Export Your Template Data
- Ability to Export Your Analytics Dashboards
- How to Restore Your Data from Backups
- Where to Access Your Download History
- Ability to Clear Your Data, and Use Your Template for a New Project
AGS takes the safety of its clients’ data very seriously.
We comply with a number of international standards, including PCI DSS, FISMA, ISO/IEC 27001:2005, SAS 70 Type II, SysTrust, and Eu-US and Swiss-US Safe Harbor.
Data collection and transmission
Firewalls are in place exposing only the necessary ports through the internet and between different servers. Intrusion protection system (IPS) software is in place as a second layer of security, which will block access as soon as any suspicious login activity is detected.
AGS transmits data from the visitor’s browser to our system using HTTPS.
AGS Architecture & Security
Data in transit is encrypted using the following protocols and ciphers:
- SSL Protocols
- SSL Ciphers
AGS is committed to keeping your data private and secure. To this end, we have expressly stated how we will handle your private data.
- AGS Legal
- AGS Non-Disclosure Agreement (NDA)
- AGS PCI Compliance
- AGS’ Commitment to the GDPR
Email us if you have any questions: Contact AGS.