SolarWinds Orion Cyberattack
Please note that OwnBackup does not use SolarWinds and is NOT affected by the recent related attacks. Our security team continues to monitor the situation and any other issues which may affect our services and report as necessary.
System Status
Uptime and Availability
View uptime and availability history for the OwnBackup service: http://status.ownbackup.com/
Enterprise-Grade Security
OwnBackup takes privacy and security very seriously. Our platform was built from the ground up with security in mind utilizing leading information-security best practices. We help our customers stay in compliance within a variety of data protection regulations.
For details on our security controls download our security controls document
Salesforce.com ISV Partner
OwnBackup is a Salesforce.com authorized ISVForce partner and undergoes annual security assessments from salesforce.com in order to maintain this status.
Data Encryption
OwnBackup’s security features ensure that data is always encrypted: both in transit and at rest. Our state of the art security measures include TLS 1.2 on every page in order to ensure all traffic to and from the website is always encrypted. Additionally, while at rest, the OwnBackup platform uses AES 256bit encryption and community-adopted oAuth authentication protocol to ensure passwords are never stored on our servers.
Compliance
SOC2
OwnBackup is SOC2 Type II compliant and completes an annual SOC2 compliance review, audited by well known industry licensing firms. This process ensures that information security practices, policies, procedures and operations meet or surpasses the rigorous SOC2 standards for security, availability, confidentiality and processing Integrity.
Privacy Shield
OwnBackup is certified with Privacy Shield. The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
HIPAA
OwnBackup is working in accordance with both the HIPAA and HITECH regulations. For customers that process Protected Health Information (PHI) and Personally Identifiable Information (PII) we are able to enter into a Business Associate Agreement (BAA). We utilize dedicated and a physically separated environment for HIPAA customers.
Hosting
OwnBackup instances and storage are available on both AWS and Azure. The service is hosted on AWS cloud platform in the USA, Canada, the European Union, and Australia. On Azure, the service is hosted in the European Union. These top-tier, secure facilities hold the following accreditations: SOC1 – SSAE-16, SOC2, PCI DSS Level 1, ISO 27001, HIPAA, FIPS 140-2, and more. These data centers are protected by the strictest security controls and physical access to the servers is restricted to authorized personnel only. OwnBackup’s services run on our own VPC (Virtual Private Cloud) inside AWS or an Azure Virtual Network inside Azure in order to further isolate our networks in accordance with network and security best practices.
Data Backups and Disaster Recovery Plan (DRP)
OwnBackup’s backup policies and procedures outline the different critical resources that are backed-up automatically. All production data is being backed up automatically twice a day onto a separate infrastructure. Furthermore, application level exports are also performed on our various tools and databases.
OwnBackup’s DRP is designed to ensure the continuation of vital business processes in the event of a disaster. The DRP enables recovery within the RPO and RTO needed to meet our SLAs. OwnBackup exercises its DRP twice a year.
For security related questions or to report an incident contact us 24/7 via email: security@ownbackup.com
