Comprehensive enterprise security
designed for industry leading companies
State of the art security
We developed Captario SUM on the Microsoft Azure platform based upon years of working with scalable enterprise security requirements. Azure utilizes Microsoft’s expertise designing and operating enterprise software, networks and systems to maintain strong safeguards to protect your data. In addition, we created a layer of security beyond what Azure has provided including firewalls and additional user authentication.
SOC2 Type 2
As a cloud services provider, Captario is committed to maintaining the standards necessary for safeguarding customer data and the operation of our service. We have established our SOC 2 Type 2 compliance and have entered the regular SOC 2 auditing process to evaluate and maintain our certification.
Authentication to suit your business
The Captario team appreciates that many businesses have different requirements for user authentication. To that end, we have implemented 2-factor authentication coupled with a centralized ability to kill user access when needed. In addition, customers have the option to use their own multi-factor authentication and couple it with our own single sign-on capability.
Industry leading encryption
Captario SUM utilizes a separate 256bit encryption key for each of our customers and our platform can support a customer provided encryption key if a particular security vendor is required. All data is encrypted at rest and in transit and all customer traffic is handled using a secure HTTPS with TLS v1.2 (or higher) network connection.
Captario has adopted the ISO/IEC 27001 specification as a best practice approach for establishing and maintaining an information security management system (ISMS). We have incorporated these best practices into how we manage our people, processes and technology. In addition, we undergo regular ISO/IEC 27001 audits.
Captario is committed to maintaining full GDPR compliance and enabling our customers to do the same in connection with the use of our products. Our Data Processing Agreement and Privacy Statement are available for review.
”Ensuring the security of our Customer’s information is ingrained with each Captario employee and it is a top priority for the company at all time and in everything we do.”
Johannes Vänngård, CEO
Highly secure infrastructure
Captario SUM is hosted within the Microsoft Azure Virtual Private Cloud and is protected with an extensive set of technologies.
All customer data is stores on scalable and secure Microsoft Azure databases and encrypted with AES-256 at rest and during transfer. All network connections in and out of Captario SUM are securely encrypted with SSL.
Secure data storage
Customer and system data are backed up every 5-10 seconds to allow for restoration of data in near real-time. Back-up locations can be specified by region to assure that the data is always available in the event of a wide-spread catastrophe.
Minimum Setup and No Maintenance
The Captario SUM platform can be setup within days and requires no system level setup work other than the use of public APIs to import data from 3rd party repositories such as MS Excel and MS Project. Our team is always standing by to help you get the most out of Captario SUM and you can leave the maintenance to us.
Multi-Region Data Storage
Data (and backups) can be stored in a specific regions upon request from our customers in order to comply with privacy legislation, internal legal requirements or disaster recovery plans. Data is housed separately for each customer and never comingled within any system process.
Coding and Testing Practices
The Captario team follows industry standard development and quality assurance practices. Extensive testing and a security audit is completed prior to any code release to assure that Captario SUM is maintained to the standards our customers expect. This includes coding reviews, manual and automated testing and an extensive code scan for security compliance prior to production deployments.
Microsoft Azure enables governance, compliance, operational auditing and risk auditing of Captario SUM infrastructure and services. In addition, we maintain our own access auditing and monitoring as an added layer on top of Microsoft Azure services. This combined view of system occurrences provides a comprehensive event history of our system, user login and usage.
Captario SUM and its infrastructure undergo frequent and extensive manual penetration tests by both internal resources and third-party vendors. In addition, automated vulnerability scanning is performed on the platform at regular intervals.
If you have questions about our security infrastructure or other technology used in the Captario SUM platform, we are here to help.