Hello Customer
Security FAQ

We take security seriously and work tirelessly, using military-grade encryption and security, to keep your data safe. Here’s a brief overview of what we do.

Reliability & Availability

Will Hello Customer’s software be available?

Yes! Our goal is to ensure continuous availability of the HC platform. Everyone at HC works tirelessly to ensure that you can access your HC portal when you need it and from wherever you are.

Does Hello Customer back up data?

Yes, only a fool doesn’t back up data. We take a snapshot of our data on a regular basis. This is stored in another data center, ready to be deployed IF disaster strikes. All backups are stored for 30 days.

Does Hello Customer monitor its systems and software?

Yes! We use state-of-the-art monitoring and measuring systems built into the Microsoft Azure Cloud. This means whenever an event is triggered, we can react quickly.

Does the Hello Customer software contain system redundancy?

Removing SPOFs (single points of failure) is a key element of any cloud application. We utilize multiple server instances, VMs, load balancers and virtual networks to ensure availability remains high. And IF the smelly stuff ever hits the fan, we have a backup site in Ireland we can fail over to.

Application Security

Does Hello Customer encrypt data in transit?

Yes! Sessions between you and your portal are always protected with top end in-transit encryption, advanced TLS 1.2 protocols, and 2,048-bit keys.

Does Hello Customer encrypt data at rest?

Yes, we do. We use TDE (Transparent Data Encryption) to encrypt data at rest.

How does Hello Customer protect its internal application network?

Making sure the bad people don’t get into our application network is super important. We have several systems that help us do this. Firstly, there’s a good ol' firewall. This protects us against the normal stuff like DDoS attacks and brute-force hacking.

But it’s not enough…

We go further by using an API Management Server, which validates and throttles all requests going into the back end. It also only lets through requests that have been approved, so it’s not as simple as sending a command to say, ‘give me all your data.’

Additionally, we split out the back-end systems into several virtual networks. Who and what can access these networks is very limited.

In short, to get to the data you have to go through several layers of security, know a lot of secret information and decrypt the database. Not easy, even for the pros.

Does Hello Customer incorporate security into its software development lifecycle (SDLC)?

Yes! Hello Customer’s code is high quality from conception to deployment. We use automated static code analysis alongside human review to ensure development best practices are implemented across our code pushes.

Datacenter protections

Are physical security protections in place to protect my data?

Hello Customer’s services are hosted with the world’s leading data center, Microsoft Azure. Access to these data centers is strictly controlled and monitored by security staff, tight access control, and video surveillance. Our data center partners are SOC 2 Type II and ISO 27001 certified and provide N+1 redundancy to all power, network, and HVAC services.

Even we don’t have access.

Software security

Can the Hello Customer team respond quickly to new security needs or threats?

We constantly monitor both our environment, using Azure Security Center, and best-practice guidelines to make sure we plug all vulnerabilities before they become an issue.

Does the Hello Customer infrastructure detect and prevent attacks?

Yes! Hello Customer uses enterprise-grade intrusion prevention and behavior analytics capabilities to protect infrastructure and thwart attacks.

Does Hello Customer rapidly patch and update when vulnerabilities are identified?

Yes! Hello Customer’s patch management process pushes security updates fast and consistently.

Does Hello Customer have an incident response program?

Yes! Hello Customer’s incident response program is responsive and repeatable. Incident process flows and investigation data sources are pre-defined and are refined through investigation follow-ups. We use standard incident response process structures to ensure that the right steps are taken at the right time.

Audits, Vulnerability Assessment & Penetration Testing

Does Hello Customer have a repeatable process for discovering and quickly correcting security bugs?

Yes! We test for potential vulnerabilities continuously in all layers of the technology stack. Dynamic application scans, code analysis, and infrastructure vulnerability scans are run every day, all day. Our security systems hammer our services day in and day out to detect and quickly respond to flaws.

Does Hello Customer bring in outside third parties to find security issues?

Yes! We have regular penetration testing along with ongoing code vulnerability scanning.

What external audits or assessment results are available to review?

ISO 27001.

Hello Customer ISO 27001 certificate