Hassisto security & compliance features
Encryption
Record-level encryption with AES-256, and HTTPS/TLS for transmission. Secure indexing and tokenization for search operations. Encryption keys (for each user) managed according to HSM standards.
Access control
Flexible and granular access control policies to define access rights for single users (or groups of users) to single documents (or collections of documents).
Immutable audit logs
Legally valid immutable logging system. Tracking of who accesses data, when it was accessed, and from where. Logs contain enough information in case of legal disputes, without violating users’ privacy.
Compliance requirements
Consent tracking via the API and available in the Console; Right to be Forgotten (RTBF) via API and encryption key deletion; data portability via API and Console using JSON data encoding.
API security & monitoring
Constant (24/7) security monitoring of the API status, attacks, and anomalies in the system. State-of-the-art standards for API security, and constant updates of tools, plugins and libraries.
Backups
Daily incremental backups stored encrypted with AES-256 in two separate physical locations. Weekly backup history, plus four backups for the current month and one backup for each month for 6 months.