Handling of user accounts and passwords: what procedures do you have in place? Are passwords hashed and salted?
Passwords are always hashed and encrypted.
Data transfer outside the cloud: is data encrypted, and to what standard?
Data is transferred using HTTPS (over SSL) for both inbound and outbound traffic.
Data transfer inside the cloud: is data encrypted, and to what standard?
Data is transferred using HTTPS (over SSL) for both inbound and outbound traffic. File uploads/downloads can also be batched using SFTP.
Where is your data storage and how secure is it, physically?
Data storage depends on geography and is based in the relevant Microsoft Azure datacenter. For most European customers this means storage is in the DC in Ireland (Azure North Europe), and for most US customers the storage would be West US, East US or the DC located in South Central US (at the moment). Some US customers have their accounts in the EU region and vice versa, so exactly where the storage is located is hard to say explicitly, but the rule is that the customer gets storage in the closest DC used by ReadSoft Online.
Do you perform security reviews and penetration tests?
Yes, we perform internal reviews continuously, and external ones are performed at least on a yearly basis. The latest external penetration test is from April.
What are your continuity plans?
We have incident management processes (operations) and error management processes (defects and bugs in the software) in place. We have people on call should incidents arise.
What is your policy regarding selling and sharing our data and our customers' data?
We don't sell or share our customers' data.