Most of our clients give us remote access to their servers so we can manage their eAutomate data.
We have a Non Disclosure contract with you that was designed by the BTA attorney Bob Goldberg, he designed it for our clients, to ensure their data was protected. We only work with dealers running eAutomate, it is a small, tight group, even an accidental disclosure would be a major problem for us.
We typically connect to your server via LogMeIn. LogMeIn published a whitepaper on security practices that are built in to keep connections secure. Our LMI has 2FA enabled for everyone and we have an audit trail of who and when a connection to your server was established. All passwords including those used to access your server is stored in an encrypted password management vault.
Our software is installed on your server, so all queries originate and remain in your network. All email alerts use your SMTP/Mail server, so it will follow your email policies to send to your users or customers. We may add our email on some alerts temporarily to confirm delivery and accuracy, but those messages are purged within 5 days.
For clients that require MFA before connecting (such as Duo), that information is stored in our vault, there are just 4 team members that receive the notification and while they receive the notification on a personal mobile, we have a process to remove the mobile should any of the 4 members leave Juice. We will also notify all clients with MFA if one of these 4 key members leave.
As of April 2023 we are undergoing a new Risk Assessment audit from Cyber74.com
0 Comments