Security FAQ

The privacy and security of your data is our top priority. Keep your content safe with the industry best-practice security measures we've put in place. Please contact us directly if you'd like more information about our security. 

 

How/where is your application hosted?

We utilize Amazon Elastic Compute Cloud (EC2) on Amazon Web Services (AWS) for hosting. Their security specifications are among the tightest in the hosting industry. We store files on Amazon S3, a highly secure, scalable, and redundant storage tool.

Do you perform regular backups?

We back up our data every night, including both our database and our search index. Backups are stored on a separate cloud server.

Which application architecture, platforms and systems are used to collect, store, and utilize customer data (application platform, application servers in use, database platform and design, etc.)?

  • Application Platform: Java/Spring framework
  • Application Server: Tomcat
  • Web Server: Apache
  • Database Platform: MySQL 5.6

How often are these systems patched?

These systems are patched weekly using the updates provided by the vendor.

How is customer data protected (authenticated and encrypted) in transit between the customer’s networks and RFP365's networks?

RFP365 requires SSL (HTTPS) for all interactions with the application.

How are user credentials/data stored and protected?

User credentials are stored in our secure database, and passwords are hashed using an industry-standard, strong cryptographic hashing algorithm with a user-specific salt.

Is there a role-based structure that is used to authorize access to the application?

Yes. Administrators have access to all data within an account and can configure granular access permissions for users. Roles include: Administrator, Manager and Contributor. Contributor roles can be customized for a fine level of access to proposals, knowledge, and RFPs. A user may be a Contributor on Proposal A and have no access, or any other role, on Proposal B.

How are user authorizations/roles configured and maintained?

Account Administrators configure and maintain each user's roles throughout the application. RFP365 support personnel may assist if needed to help customers choose the ideal role(s) for each user.

How do you handle payment processing and how is that data stored?

RFP365 utilizes Stripe as our payment gateway and all financial data is stored within their platform. No financial information is stored within the RFP365 application or database. Stripe has been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available. 

What sort of security and training policies do you have in place for RFP365 employees?

Every RFP365 employee has completed a thorough background/employment screening process, signed employee confidentiality agreements and received extensive training to ensure they know exactly what to do, and what not to do.