Blue Onion Labs
- Data Security
- Data Encrypted In-Transit
Blue Onion Labs uses the strongest encryption products to protect customer data and communications, including 256-bit encryption over HTTPS with 2048-bit key pairs using extended validation certificates and forward secrecy support.
- Passwords Encrypted
Passwords are stored in the database and are protected with a one way encryption.
- Data Retention Policy
One Full Backup plus the prior week's Archive Logs are retained both on a database server and on a backup staging server, both in the secure production environment. In addition, every week the most recent Full Backup plus the prior week's Archive Logs are encrypted and written to a tape (tapes are utilized only in the US, digital backups are utilized in other locations). Each week's encrypted tape is retrieved by Blue Onion Labs staff and sent via secure courier to offsite vaulting. Tapes older than 90 days are returned to Blue Onion Labs from offsite vaulting and are destroyed or reused within one week; reuse deletes all existing data on the tape. Thus, Full Backups are retained on tape for up to approximately 100 days.
- Availability & Reliability
- Data Redundancy
Customer information in the Blue Onion Labs’ production environment at our Hosted Service facility resides on one of several database servers. As part of our service, and included within your subscription cost, we provide complete backup protection to ensure your data is protected, retained and available to you. Backups are part of our Redundancy Protection Program but are also periodically required by individual customers where they wish to restore their Blue Onion Labs application from a prior date.
- Infrastructure Redundancy
Blue Onion Labs and our Hosting Service partners provide complete redundancy within the boundaries of specified geographies and backup support services are part of each customer's subscription. The Heroku data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week.
1 more topic
- Organizational Security
- Personnel Screening
Prior to production system authorization all employees undergo rigorous screening and have to sign a non-disclosure/confidentiality agreement.
- Multi-Tenant Architecture
Blue Onion Labs is a multi-tenant system with one instance of the database and one instance of the application. It is designed to make it impossible for one customer to access another customer's data. Unlike many other on-demand applications, we do not co-mingle customer data. Therefore, each customer's Blue Onion Labs application utilizes a unique and separate set of tables within the database. It is not possible for one customer's data to be accessed by anyone other than that customer's authorized users. The Blue Onion Labs support staff cannot view your data without receiving explicit permission from the customer.
- FISMA - Moderate - Data Center
6 more topics
Sign up to view Blue Onion Labs's Subprocessors
Sign up to see the rest of Blue Onion Labs's posture and unlock unlimited access.
Unlimited access to the directory allows you to review and compare thousands of security postures sourced from around the web.