Heartpace Security and Compliance

Don't compromise your cybersecurity efforts with careless third party partners. At Heartpace, we take security seriously and you can rest assured that your data is in capable hands. We apply top-notch security technologies and rigorous processes that put the safety of our customers' data first.

  • Culture of Security

    We've been security-minded since day one, putting security first in every step of the development lifecycle. Our entire Heartpace product team has been through security training and holds one another's work accountable through regular code reviews, penetration tests, and vulnerability scans.

  • Heartpace is committed to platform security

    • Whole-disk encryption

      Whole-disk encryption

    • Access controls at per-thread granularity

      Access controls at per-thread granularity

    • White listing of individual processes, users, ports, and addresses

      White listing of individual processes, users, ports, and addresses

    • Regular penetration tests and vulnerability scans

      Regular penetration tests and vulnerability scans

    • AES 256 encryption

      AES 256 encryption

    • A strong Software Development Lifecycle (SDLC)

      A strong Software Development Lifecycle (SDLC)

  • Certifications and Compliance

    Our internationally recognized certifications speak volumes about Heartpace’s commitment to data security. Heartpace is a native cloud application and uses AWS technologies. AWS's data center operations have been accredited under:

    ISO 27001
    • ISO 27001
    • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
    • Compliant with EU General Data Protection Regulations
  • Physical Security, Logical Data Separation, and Encryption

    We keep data logically separate and tag all data by organization throughout the lifecycle. No data is transmitted to Heartpace without encryption. AES 256-bit encryption protects all data at rest, and spinning disks are encrypted at the OS level. Data is kept for long term on Amazon S3, encrypted by a customer key that is changed every 24 hours.

  • User-Level Security

    Heartpace maintains stringent password standards. A secure session ID tracking mechanism ensures that only authorized users are able to authenticate. Finally, Heartpace’s Role Based Access Control (RBAC) features allow our customers to set up per-user permissions to all of their data from the admin console.

  • Testing Program

    The Heartpace security team runs scans on all new servers to check for vulnerabilities. On a weekly basis, we run fully credentialed scans of every new code build including:

    • ASV scans
    • Penetration tests
    • Local file intrusion
    • Remote file inclusion
    • Unvalidated redirect
    • And more

Have a question?

Contact us