PROdb Security
Please have a look at our PROdb Security and Privacy Policy page, and the following additional points.
Regarding eSolia's Partner Foresoft
eSolia has been a business partner of Foresoft since 2010, more than 14 years so far. Foresoft is a trustworthy partner and service provider, providing exemplary support for a superior platform. Unplanned system downtime has been extremely low (status page).
Foresoft is PCI compliant, assessed by Trustwave Holdings. See details on Foresoft's "Security and Stability" page here.
Infrastructure Housing
The Top Level Tier-3 datacenter housing PROdb is operated by Steadfast Networks, located at 350 East Cermak Road, Chicago, Ill, USA, and features 2N redundancy for all aspects of the infrastructure including power, HVAC, network and security. Steadfast have achieved SAS70, SSAE16 and HIPAA compliance. See here and here, as well as:
In the event that clients would rather not be hosted in the USA, Foresoft also offers their platform in Microsoft Azure's West EU datacenter in the Netherlands. Whereas the Steadfast DC is co-location of physical servers, Azure is a cloud offering which meaning it is database hosting, data and file storage, on virtual servers. See Microsoft's pages regarding Security and Compliance Certifications.
Tip
A fee-based private cloud option is available on Azure, giving you access to virtual device logs and other information.
Rock Solid Application Security
PROdb is encrypting data over the wire via 256-bit (SHA2) TLS certificate, using TLS 1.2, 1.1 or 1.0 preferring the stronger variant by default. The database and all file attachments are encrypted using AES256.
All servers are running fully-patched Windows Server 2019 operating system, with Microsoft SQL Server 2019 Enterprise Edition as the database server.
All Microsoft patches, hot fixes and updates are installed on a weekly basis, with the most critical installed immediately upon release.
Any planned maintenance requiring restarts will occur weekly on Saturdays from approximately 15:30 JST, and clients will be informed of such a maintenance window in advance.
All systems are passing a monthly penetration test performed by Trustwave SecureTrust.