Updated: Dec 06, 2019


CONFIDENTIALITY

Access by our employees to the data that you and your users make available is strictly controlled. Operating the Pickit services requires that some employees have access to the systems which store and process Customer Data.

As an example, in order to diagnose a problem you are having with Pickit, we may need to access your Customer Data. These employees access the data only when it is necessary for that purpose. All such access is logged, and the logs are audited regularly.

All of our employees and contract personnel are bound by our policies regarding Customer Data, and we treat these matters as being of the highest importance within our company.


PERSONNEL PRACTICES

All employees and contract personnel are trained in privacy and security when they start at Pickit. We also perform background checks before employment.


All employees are required to read and sign our information security policy.


We enforce screen lockouts and full disk encryption on company laptops.


COMPLIANCE

The following security-related audits and certifications are applicable to the Pickit services:

  • ISO 27001 and SOC 2: Pickit is actively working toward compliance with ISO 27001 and SOC 2. Pickit is currently not certified against either standard.
  • PCI: Pickit is a PCI Level 4 Merchant and has completed the Payment Card Industry Data Security Standard's SAQ A, the self-assessment questionnaire for merchants that fully outsource cardholder data handling. We use a third party to process credit card information securely, so card data is not stored or processed by Pickit systems. Pickit is not currently a PCI-certified Service Provider.

Microsoft Azure, which hosts the Pickit services, maintains multiple certifications for its data centers, including ISO 27001 compliance, FedRAMP authorization, PCI certification, and SOC reports. For more information about Azure's certifications and compliance, and to find all Azure audit reports, please visit the Microsoft Azure website.


DATA ENCRYPTION IN TRANSIT AND AT REST

The Pickit services support the latest recommended secure cipher suites and protocols to encrypt all traffic in transit, and customers should expect only current TLS versions and strong cipher suites to be negotiable. Customer Data is encrypted at rest.
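As an added illustration (not Pickit's code, and not a statement of Pickit's actual configuration), the following Python shows what "latest recommended cipher suites and protocols" means in concrete terms and how to check a TLS configuration against such a policy. The policy thresholds (a TLS 1.2 floor, AEAD suites with forward secrecy only, a deny-list of legacy cipher families), the `LEGACY_OFFER` data, and the function names are assumptions of this example, not anything the page states.

```python
"""Added example (not Pickit code): a hardened TLS server context plus an audit
that checks a protocol floor and offered cipher suites against a policy.
The policy values below are this example's assumptions."""
import socket
import ssl

# Assumption: nothing below TLS 1.2 is acceptable (TLS 1.0/1.1 are deprecated by RFC 8996).
MIN_VERSION = ssl.TLSVersion.TLSv1_2
# Assumption: cipher-name fragments that must never appear in an offer.
WEAK_MARKERS = ("RC4", "DES", "NULL", "EXPORT", "MD5", "PSK", "SRP")
# TLS 1.2 cipher string: AEAD suites with ECDHE key exchange (forward secrecy) only.
# TLS 1.3 suites are configured separately by OpenSSL and are all AEAD + forward secret.
TLS12_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!PSK:!SRP"

# Constructed sample of what a scanner might report for a legacy endpoint (not a real host).
LEGACY_OFFER = {
    "min_version": ssl.TLSVersion.TLSv1,
    "ciphers": ["RC4-SHA", "DES-CBC3-SHA", "AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256"],
}


def hardened_server_context(certfile=None, keyfile=None) -> ssl.SSLContext:
    """Server-side SSLContext meeting the policy above (the 'corrected' setting)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = MIN_VERSION
    ctx.set_ciphers(TLS12_CIPHERS)
    ctx.options |= ssl.OP_NO_COMPRESSION  # TLS compression enables CRIME-style attacks
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def audit_policy(min_version: ssl.TLSVersion, cipher_names) -> list:
    """Return findings for a protocol floor plus the cipher names offered.
    An empty list means the offer satisfies the policy."""
    findings = []
    if min_version < MIN_VERSION:
        findings.append(f"protocol floor {min_version.name} is below {MIN_VERSION.name}")
    for name in cipher_names:
        if any(marker in name for marker in WEAK_MARKERS):
            findings.append(f"weak cipher offered: {name}")
        elif not name.startswith(("ECDHE", "DHE", "TLS_")):
            # Static RSA key exchange: a leaked server key decrypts recorded traffic.
            findings.append(f"no forward secrecy: {name}")
    return findings


def audit_context(ctx: ssl.SSLContext) -> list:
    """Audit a local SSLContext, i.e. what our own server would offer."""
    return audit_policy(ctx.minimum_version, [c["name"] for c in ctx.get_ciphers()])


def probe_server(host: str, port: int = 443):
    """Live check of a deployed endpoint: handshake with the policy floor enforced and
    return (negotiated protocol, cipher). Not executed here; it needs network access."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = MIN_VERSION
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]


if __name__ == "__main__":
    print("hardened context findings:", audit_context(hardened_server_context()))
    print("legacy offer findings:")
    for finding in audit_policy(LEGACY_OFFER["min_version"], LEGACY_OFFER["ciphers"]):
        print("  -", finding)
```

The hardened context produces no findings; the constructed legacy offer is flagged for its TLS 1.0 floor, the RC4 and 3DES suites, and the static-RSA suite that lacks forward secrecy. `probe_server` is the same check applied to a live endpoint: if the handshake fails with the floor enforced, the server does not meet the policy.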


AVAILABILITY

We understand that you rely on the Pickit services to do your work, and we are committed to making Pickit a highly available service that you can count on. Our infrastructure runs on fault-tolerant systems.


NETWORK PROTECTION

In addition to system monitoring and logging, we require two-factor authentication for all server access across our production environment.


LOGGING

Pickit maintains a logging environment within production that records security, monitoring, availability, access, and other metrics about the Pickit services. These logs are analyzed for security events by automated monitoring software.


INCIDENT MANAGEMENT

In the event of a security breach, Pickit will promptly notify you of any unauthorized access to your Customer Data. Pickit has incident management policies and procedures in place for handling such an event.


EXTERNAL SECURITY AUDITS

We engage external security firms to perform regular audits of the Pickit services, to verify that our security practices are sound and to monitor the Pickit services for newly disclosed vulnerabilities reported by the security research community.


SECURITY BY DESIGN IN PRODUCT DEVELOPMENT

New features, functionality, and design changes are built with security by design. In addition, our code is audited with automated static analysis software, tested, and manually peer-reviewed before being deployed to production.