Privacy & Security
Earnix Security Culture
Information security and privacy are core values for Earnix. We are intent on ensuring our security program remains both cutting edge and a leader in the industry.
We adapt and confront change with ever-evolving discipline, continuing to ensure that we protect the confidentiality, integrity, and availability of our customers' data.
Encryption
Earnix provides a secure, reliable, and resilient Software-as-a-Service platform that has been designed from the ground up based on industry best practices.
Earnix secures data using strong, industry-standard algorithms:
Data in transit are encrypted using standard Transport Layer Security (TLS 1.2)
Data at rest are encrypted using 256-bit Advanced Encryption Standard (AES-256)
Application Security
Privacy and Security are interwoven by design in Earnix’s solutions. Secure development principles and aspects are defined and integrated into the company’s development processes, including but not limited to OWASP Top 10, CIS, and AWS secure development recommendations. Formal Secure System Development Life Cycle (SSDLC) procedures are in place.
Access Control
Both access rights policy and access controls are implemented based on roles, need-to-know, and least privilege principles.
Rules and principles are set for both granting access rights to the information systems and monitoring the connection to the network.
The Earnix solution supports the following authentication methods:
Single Sign On (SSO) with customer’s Identity Provider (IDP)
Multi Factor Authentication (MFA)
Auth0
JWT token
Data protection
Earnix puts in place appropriate technical and organizational measures to ensure that, by default, data is processed as per Earnix contractual obligations. This applies to the amount of data collected, the extent to which it is processed, the duration for which it is stored, and access control according to need-to-know and least privilege principles.
Earnix implements technical and organizational measures and Sensitive Data Processing Principles in order to effectively implement and integrate necessary safeguards.
Penetration testing
Earnix undertakes penetration tests on an annual basis. The tests cover both the infrastructure (e.g., the AWS infrastructure) and the Earnix application itself. Both processes are conducted by an independent external vendor that specializes in cyber security and cloud technologies.
High Availability
The robust enterprise-grade cloud infrastructure is utilized in ways that address high availability for critical components and make use of the vast infrastructure redundancy capabilities available as part of the data centers.
Backup, Disaster Recovery and Business Continuity
The Earnix solution is certified to ISO 22301 (Business Continuity Management Systems). Cloud deliveries are managed in accordance with Disaster Recovery (DR) practices, which utilize a wide range of AWS platform features for resilience, backup, and high availability. The platform includes several levels of redundancy on all infrastructure levels, including network, electricity, Internet provider access, etc.