DatumSync Security & Compliance 

DatumSync is a cloud-based service and leverages the features and security of Microsoft’s Azure platform. Being state-less, DatumSync never stores any client data and thereby significantly limits any exposure to data hacking threats. Furthermore, DatumSync communicates with most endpoints via SSL encryption on port 443, ensuring that data is encrypted as it is moved between systems.

DatumSync also takes full advantage of the security and compliance standards set forth by Microsoft Azure, which include the following:

  • General Data Protection Regulation (GDPR)
  • ISO 27001
  • HIPAA
  • FedRAMP
  • SOC 1 and SOC 2
  • IRAP (Australia)
  • G-Cloud (UK)
  • MTCS (Singapore)

Source: https://azure.microsoft.com/en-us/overview/trusted-cloud)

 

 

Data Management and Encryption

DatumSync uses industry-standard security and encryption to protect customer data. More specifically:

  • DatumSync does not save any customer data on its servers.
  • DatumSync stores passwords, if required, encrypted in a server-side database.
  • DatumSync uses the same encryption of the various endpoints to ensure data remains secure during transmission.

Data Security during Workflows

DatumSync runs stateless and does not store any client data.

  • DatumSync connectors leverage the endpoint security provided by the systems it is connected to.
  • All transmitted data between DatumSync-connected systems is encrypted using SSL.

Password Security

DatumSync grants access to the system based on rights assigned by an administrator. A user can only see modules to which access has been granted.

  • Permissions are provided to users based on pre-defined access roles.
  • DatumSync ensures that users only have access to the functions that they should have access to.