Security
We know how critical your data is to you, so security is at the forefront of everything we do.
Steps we take to ensure your security
Compliance Program ISO/IEC 27001:2022
RedminePRO by HAZERCLOUD™ maintains active ISO/IEC 27001 compliance and is annually audited by an independent, certified third party. Our ISO/IEC 27001 Security, Availability & Confidentiality Report is available to current and prospective customers; please contact us at [email protected] for a copy.
All of RedminePRO by HAZERCLOUD™ infrastructure is hosted on Amazon Web Services (AWS). RedminePRO uses AWS data centers that are SOC 1, SOC 2, PCI DSS, and ISO/IEC 27001 certified in the US East and EU West regions.
Third-Party Testing
RedminePRO uses our External Security Tool yearly for penetration and security testing. Our test reports are available to current and prospective customers; please contact us at [email protected].
Encryption
All RedminePRO data and communications are encrypted using industry best practices.
- Encryption At-Rest: All databases and disk volumes are encrypted using AWS KMS (FIPS 140-2 validated) and the industry-standard AES-256 algorithm.
- Encryption In-Transit: All communications with RedminePRO services and APIs use Transport Layer Security (SSL/TLS 1.2+) for secure connections. View our Qualys SSL Report.
- Encrypted Backups: All customer data is continuously backed up in an encrypted format, with point-in-time recovery capabilities. We validate our data recovery procedures regularly as part of our business continuity and disaster recovery processes.
Privacy And Confidentiality
No RedminePRO by HAZERCLOUD™ staff will access your data unless required for support reasons. When working on a support issue, we access only the minimum data needed to resolve your issue while respecting your privacy. Access to data is restricted by job function and monitored.
Access Controls
All data is private by default and only accessible to you.
Single Sign-On
RedminePRO uses Role-Based Access to control access to resources.
Secure Authentication
All user passwords are stored salted and hashed and cannot be recovered by RedminePRO staff.
Optional Two-Factor Authentication (2FA/MFA) support is available for an additional layer of protection of your account.
Secure Configuration and Change Management
RedminePRO uses vulnerability scans and automated testing, and servers are continuously kept up to date with the latest security errata.
Credit card security
If you subscribe to RedminePRO by HAZERCLOUD™ paid plans, your credit card data is neither transmitted through nor stored on our systems. We use a payment processor called Stripe, a company entirely dedicated to this task. Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available. Read more about Stripe’s security.
Need to report a security vulnerability?
Please email us directly at [email protected]
Responsible Disclosure
We strive to keep RedminePRO safe and secure for everyone. If you have discovered a security vulnerability, we would greatly appreciate your help in disclosing it to us in a responsible manner. We will work with you to assess and understand the scope of the issue and fully address any concerns. Emails are sent directly to our Security and Engineering staff to ensure that issues are addressed rapidly. Any security emails are treated with the highest priority, as the safety and security of our service is our primary concern.
We’re committed to keeping your data secure and your private information private. If you have any questions, please contact us.