RoundPegg’s platform security is maintained by Heroku. Heroku is a cloud application platform used by organizations of all sizes to deploy and operate applications throughout the world. Our platform allows organizations to focus on application development and business strategy while Heroku focuses on infrastructure management, scaling, and security.
Heroku applies security best practices and manages platform security so customers can focus on their business. Our platform inherently protects customers from threats by applying security controls at every layer from physical to application, isolating customer applications and data, and rapidly deploying security updates without customer interaction or service interruption. To read more about Heroku’s security, visit: https://policy.heroku.com/security
RoundPegg regularly performs application vulnerability scans that include testing for the OWASP (The Open Web Application Security Project) ten most critical web application security risks. RoundPegg actively addresses identified platform and application security issues and, depending on circumstances, can quickly deploy a security fix or temporarily disable functionality.
RoundPegg company policy strictly prohibits employees from printing any customer data or information without prior written consent from the customer.
RoundPegg isolates company data via role-based authentication and company identification. Users must be credentialed in order to access company data and may only access data for the company to which they are attached. Strong passwords are required for authentication of all users. Backups of all data are maintained on a secure server via Heroku and may only be obtained using a secure console connection.
RoundPegg is hosted on Heroku. Heroku has its own disaster recovery plan that involves using multiple AWS zones and replicated databases and servers across zones.
Additionally, backups are automatically run by Heroku nightly on the application and the application data. This backup is stored on a secure Amazon S3 instance. In the event of a complete Heroku failure lasting days, the application and data may be restored to a custom Amazon AWS instance in a matter of a few hours.
To report a security issue, the RoundPegg security team can be reached at firstname.lastname@example.org.