Security How vendors safeguard your data can differ. Standard Occasional Unique Encryption Log data retention Two-factor authentication Encrypt all of our sensitive data, Some vendors offer flexible log data retention Add a second layer of security to protect fraudulent access to authentication, and tokens. policies designed to fit your requirements. your account. Network security Virtual private cloud Password prompting All communications between Data is held on servers, not open to the public. Any significant account action will prompt a user to re-enter your browser and a vendors Session management her password. website are encrypted via HTTPS. Monitor sessions by IP address, location, time, Behaviour modeling browser and operating system and revoke access to To detect unusual or suspicious activity on a user’s account, we use prevent unauthorized access to your account. technology to build intelligent models of user behaviour. Resilience How vendors ensure high availability can differ. This is an important criterion for any organization that intends to depend on their workflows. Standard Occasional On-call policy Workflow backup Most vendors have an around-the-clock support network of engineers who work very hard to Vendors’ should store snapshots of their customers’ keep a vendor’s software running all of the time. They typically have an on-call policy for their business logic so they can revert them if necessary. engineers to be available just in case. Infrastructure backup Data backup Infrastructure should be replicated and backed up so that Vendors’ platforms should have automatic back-ups built in so data is never at risk of being lost. no capabilities are at risk of shutting down. 33