Advizr is hosted on Amazon Web Services (AWS). We rely on Amazon’s world-class platform as a service to run in a secure, scalable and compliant environment.
Amazon’s infrastructure implements SOC1 compliance guidelines (formerly known as SSAE 16 and SAS 70). As such, Advizr leverages all of Amazon’s compliance and security features, from their ultra-secure data centers to their high availability SLA.
For more information, please refer to Amazon’s compliance website (http://aws.amazon.com/compliance/).
Advizr utilizes Amazon Virtual Private Cloud (VPC), a logically isolated section of AWS, to provide advanced security and protection. The application servers and databases reside in private subnets. Firewalls and fine-grained network access control lists enable inbound and outbound filtering at the instance level and subnet level. By practicing the principle of least privilege, Advizr’s network is designed to protect against any unauthorized traffic and exposure to the Internet.
Files uploaded to Advizr’s Document Vault are encrypted in transit and at rest, providing end-to-end security and protection. During transport, files are sent using 256-bit SSL/TLS encryption. Files are then stored using AES-256 encryption. Advizr implements strict access controls and policies to enforce privacy and ensure users can only access their files.
Advizr classifies data into two categories. General data that is not related to client information is stored in a secure MySQL database for which access is tightly controlled. More sensitive client data (listed below) is stored in a separate, highly secure database with an extra layer of encryption. This data is encrypted using bank-level 256-bit encryption technology.
Advizr collects and stores the following client information:
Advizr does not collect or store any of the following:
Advizr implements strict processes and procedures for access to production environments and data. For example, employees cannot access production servers and databases and cannot circumvent account password protection. Only designated development operations personnel are allowed to access these servers for maintenance and upgrades. Furthermore, all access is logged and requires multifactor authentication and access keys that are regularly regenerated. Developers and quality assurance personnel are given access to a separate development environment.
Advizr provides administrative features such as user account creation, suspension and password reset.
Advizr keeps a detailed audit trail of all user access and activity in the application. Detailed activity reports can be provided to our clients upon request. Moreover, Advizr does not perform hard deletes of client records by default. All data is "soft" deleted by making it invisible to the user. Permanent deletions of client data can be performed upon request.
To ensure data safety, we perform near-real-time and daily backups of our data. In the unlikely event of a loss of data, our data recovery procedure can restore lost data within minutes.
All client data is owned by the financial institution or the adviser. We do not share the data with third parties. Advizr might collect anonymous data at the aggregate level for the purpose of providing analytics and improving its product and services.