Answers to our most commonly asked questions Simply click on the question to get your answer - click again to close Back to page 1
13.) Do you have detailed data-in-transit and data-at-rest diagrams?
At rest data is encrypted
Ref Fig 1.1 – Network Diagram Click here to see diagram.
14.) How and where is the data encrypted?
All the remote connections will always go through a single connection whose data is encrypted in-flight with AES256.
Data at rest is encrypted and only authorized application users will have transparent access to data.
15.) Are there any points within the system which are not encrypted?
End-to-end (Browser to Database storage) data is encrypted for all PII and system access. System executables, logs/traces that do not contain any sensitive information are not encrypted but access controlled.
16.) What level of encryption is used; the key type, bit level, ciphers used, and other pertinent information for HTTPS, SQL, and other interconnected network and data devices?
Application access is protected with TLS 1.1 encryption standard.
Internal systems communication is encrypted with AES256.
17.)Where are the front-end and back-end SSL certificates issued from?
GoDaddy Inc. US.
18.)Whom has access, and from where, to view, modify, and delete the certificates and encryption?
SmartERP System and Application Administrators.
19.)Where, how many, and how frequently are backups completed, stored, and restored?
Daily backups are taken locally on the database servers and uploaded to secure cloud-based storage in the US. Our backup retention target is 30 days.
20.)Whom has access, and from where, to view, modify, or delete the backup data?
a. SmartERP Database Administrators.
21.)Whom has access, and from where, to view, modify, or delete the backup data?
SmartERP Database Administrators.
22.)What is the data retention policy (current customers)?
Data related to all ongoing candidate processes, is always present.
ii. For all ‘completed’ onboarding processes, customers determine how long to retain the sensitive PII data in the system, 30/60/90 to 999 days. Beyond this point (3 years) all sensitive PII data will be eliminated from the system.
22.)What is the data retention policy (past customers)?
Upon contract expiration/termination, SmartERP downloads all customer data (PII and non-PII) and provides it to the customer (Soft copy). This can be downloaded form a cloud storage software/application.
Post this (usually 30 days) the sensitive PII data will be purged from the system.
If you couldn't find the answer to what you were looking for, feel free to email us at info@smarterp.com
