Understanding that data privacy and safety are paramount, we want to assure you that a significant part of our efforts is dedicated to security measures.
This article outlines the multifaceted security measures implemented by Lifecycle Manager, including physical, procedural, and technical defenses designed to maintain your information's integrity and security. Our primary responsibility is to safeguard the data entrusted to us by you.
Data security summary
Our dedication to security standards is crucial for your peace of mind. Here are the main points to note:
- All accounts have the option of multi-factor authentication
  - See our How to set up added protection of MFA for members article for instructions on how to set it up
- We strictly adhere to robust backup procedures and business continuity plans
- We adhere strictly to both procedural and technical standards for, but not limited to:
  - Credential management and requisite requirements
  - Role-based privileged access control when necessary
  - Firewalls and restricted modern internal systems
Data security standards
When establishing a connection with Lifecycle Manager, we ensure minimal data exposure by accessing only what's necessary for service provisioning.
Frequent data backups are in place to guard against data loss and facilitate recovery. We apply strict access limitations on all systems and servers to bolster your information's protection. All access events, including physical ones, are logged.
Sensitive payment information isn't stored on our end but is managed by our trusted payment gateway, Stripe.
Data Encryption
Data Protection
Lifecycle Manager uses industry-accepted encryption methods and products to protect customers' personal data and communications during transmission between a customer's network and our services. This covers data in transit over public networks and data at rest.
- Encryption in Transit
  - All data transferred over public networks is encrypted via HTTPS/Transport Layer Security (TLS).
- Encryption at Rest
  - Sensitive data at rest is encrypted using AES-256 or stronger encryption.
Credential encryption
We're happy to share these key points of our security standards surrounding credential encryption.
Passwords
- All passwords are encrypted with AES-256 encryption
  - This includes a 2048-bit RSA public key, with unique secure random keys for each password
- RSA private keys are encrypted with a secure, random RSA key passphrase
  - These are stored in an isolated bucket, locked down to only allow access from our servers as required for decryption
- The decryption process takes place server-side
  - The private key passphrases (and private keys themselves) are not stored in the database
  - The private keys are stored in a secured bucket that is only accessible via the servers used for decryption
- Decrypted password data is never written to disk
- The web servers themselves are also locked down with multiple firewalls, access control lists for incoming/outgoing traffic, and key-based access.
Access to the Lifecycle Manager platform
- Access to the Lifecycle Manager platform is restricted to strong SSL encryption over HTTPS
Credentials stored in Lifecycle Manager can never be recovered.
Secure Amazon hosting platform
We host data on Amazon Web Services’ (AWS) highly secure platform. The entire infrastructure is PCI-DSS certified and maintains PCI-DSS Level 1, SSAE16 SOC 1, SOC 2 and SOC 3, ISO 27001, 27017, and 27018. These certifications include their:
- Security governance
- Physical security
- Network infrastructure
- Change management
- Administration practices
With these established services, Lifecycle Manager offers a secure, robust, and trustworthy application.
Data storage
We house data in secure SSAE 16 / SOC1 certified data centers provided by AWS. More details on AWS's SOC compliance can be found on their AWS SOC FAQ page.
Data stored in the Lifecycle Manager platform
To effectively deliver our services, we store the following hardware asset information on Lifecycle Manager:
- Asset Name
- Client and/or Site, Location
- Asset type
- Manufacturer
- Serial number
- User information
- Member information per client
- Software (such as the OS, e.g. Windows 10)
- Age
- Purchase date
- Expiry date
Removing integrations will purge your data: should you choose to remove an integration from your Lifecycle Manager account, all associated data will be wiped from our systems.
For more information, including GDPR considerations
If you'd like some more information, please read our Privacy Policy, as well as our Terms and Conditions.