Our dedicated security team works round the clock to respond to security incidents and solving them is the top priority for our cybersecurity team. We understand the sensitivity of the data running of our platform and ensure to secure it.
We have a strict policy and have technical access controls which prohibit any employee access to any personally identifiable information. Provakil is compliant with ISO 9001 (Global Quality Standard) and ISO 27001 (Security Management Controls)
We continuously monitor for potential vulnerabilities and review and update our code and systems configuration to ensure your data is always protected by adhering to the industry best practices.
Provakil is GDPR-compliant, meeting our requirements as both a data controller and data processor
We conduct regular 3rd party security audits with empanelled security vendors and consultants on all Provakil’s applications and infrastructure to find vulnerabilities and to continually enhance security to protect your data.
Provakil employs Amazon Web Services (AWS) and Google Cloud Platform (GCP) to host its cloud servers
Both AWS and GCP are compliant with:
Provakil uses 2048-bit key encryption for encrypting the communication between clients and Provakil servers. We regularly test our SSL/TLS configuration against best practices by using the SSL Server Test tool and ensure that our rating is greater than 'A'.
Provakil offers hosting options in different geographies around the world to address any data residency requirements. Provakil’s hosting facilities are audited annually for security certifications (such as SOC 2 and ISO27001) to ensure they employ advanced physical security measures. Provakil also manages on premise deployment on client servers.
All the data from the DB server and other internal services is backed up daily. Apart from these backups, we also maintain redundant servers in the form of replicas for critical services like databases.
All servers of Provakil are placed in a virtual private network to provide logical isolation from the internet at large. We use state-of-the-art, peer-reviewed technologies to achieve this which protects Provakil's servers from Man-in-the-Middle attacks and other potential transport layer security vulnerabilities.
This allows us to give selective access to the functionality and the data within the product to the different users of the team.
Provakil has an SSO with Google, Okta, Microsoft Active Directory and Azure services to be able to leverage your organization’s centralized identity provider into Provakil. Provakil will automatically lock your account for a period of time after too many failed login attempts.
Provakil logs the IP address of every session for your account and actions taken by your users to help you monitor for suspicious activity.
We use the battle-tested, industry standard bcrypt algorithm to securely hash and salt the password, before saving it in our database. Provakil also has provisions to consider password policies from client specific regulations.