...
...
...
...
Overview
...
This is a customer-focused details page describing the security in place for ZenGRC storage. As always, if you have additional questions, feel free to reach out to support@zengrcsupport@reciprocitylabs.com.
Questions
...
Where does my data go?
ZenGRC uses Amazon S3 for storage when ZenGRC storage is selected. As such, we inherit many of the security and availability controls put in place by AWS. Details of AWS' security controls can be found here: http://docs.aws.amazon.com/AmazonS3/latest/dev/DataDurability.html
...
Data is encrypted with Amazon managed keys:
Each object is encrypted with a unique key employing strong multi-factor encryption. As an additional safeguard, Amazon S3 encrypts the key itself with a master key that it regularly rotates. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data.
https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
Encryption in Transit
Data is encrypted using TLS 1.2 when in transit between the ZenGRC application and ZenGRC Storage (AWS S3). Data in transit between the ZenGRC application and the user is encrypted with the highest version of TLS supported by the user's browser. The minimum version of TLS supported by ZenGRC is v1.1.
...
Data in ZenGRC Storage is stored in Amazon AWS data centers, and relies on the physical and environmental controls put in place by AWS. Reciprocity reviews the AWS SOC 2, Type II report annually to identify any deficiencies, and tracks any identified deficiencies through to closure.
What is your backup and recovery policy?
Please review our plan at ZenGRC Backup and Recovery Policy 10-31-2019.
How does access control work?
...