Privacy & Security FAQ
We're here to help
Below, you'll find the answers to some of the most commonly asked questions about privacy and security.
Who owns the data we process in your service?
As an Earnix customer, you control the data.
Where is the data processed?
Using Amazon Web Services' worldwide deployment, Earnix can provide processing services in a geography that complies with each client's regulatory framework. The AWS data center employs leading physical and environmental security measures, resulting in a highly resilient infrastructure.
More information about AWS security practices is available here.
How does Earnix secure its users’ access into the service?
Access to the Earnix solution is performed via the following authentication methods:
Credentials: username and password
External identity providers: Earnix supports the use of external identity providers, such as Okta and Azure AD
MFA and/or SSO can be configured upon customer request
How does Earnix ensure its service availability?
To ensure high availability of the Earnix Production service, Earnix applies high availability and redundancy practices through a scalable cluster of load-balanced servers, running in Active-Active mode. The nodes are located in physically different data centers and are backed up periodically.
How often is data backed up?
Earnix performs periodic backups and snapshots of key environment components. The encrypted backups are stored on, and retrieved from, a highly resilient, distributed system provided by the AWS backup managed service. A 5-day backup cycle is implemented within the Earnix solution. Errors within the backup process are handled automatically by immediately re-initiating the backup sequence.
Does Earnix have a Disaster Recovery Plan?
The Earnix disaster recovery (DR) plan is based on the guidelines of ISO 22301 (Business Continuity Management Systems). Earnix holds the ISO 22301 certification.
Critical components run on robust, enterprise-grade cloud infrastructure in a High Availability (HA) configuration, which takes advantage of the vast infrastructure redundancy capabilities available as part of the data centres' spread and reach.
Does Earnix support secure deletion of customer data?
While in place, the system is configured to save the data indefinitely for the purpose of standard operation and persistence. Upon termination of the agreement, Earnix will carry out data destruction procedures that are in accordance with ISO 27001 security controls for secure data removal and destruction.
In the cloud, when a storage device has reached the end of its useful life, AWS decommissions media using techniques detailed in NIST 800-88.
Which security and privacy related regulations, standards and certifications does Earnix comply with?
We have the following certifications, reports, and compliance programs:
ISO 27001, ISO 27017, ISO 27018, ISO 22301, ISO 27701
Does Earnix have dedicated security personnel?
Yes. Our security efforts are guided and monitored by our CISO and security team, and by a wider security forum composed of representatives from the Infrastructure, R&D, Operations, Legal and IT teams.
Does Earnix have an information security awareness program?
Yes. As part of our initial onboarding process, and on an ongoing basis (at least annually), our employees receive training regarding their respective information security obligations.