Security.
From time to time, organisations ask us security questions about sheepCRM. In general, we don’t like to expose much information about our security practices, because it only helps the very people we’re securing ourselves against. But we understand security is important to you, so we’ve decided to post answers to the questions we feel are most important for our customers to know.
Where do you host sheepCRM?
sheepCRM is hosted in UK data centres, using MongoDB Atlas on Amazon Web Services (AWS). AWS use industry-leading security systems and are trusted by brands including UCAS, Vodafone, Expedia and Siemens – as well as Amazon itself.
Amazon web services are:
PCI-DSS Level 1 Service Provider
ISO 27001 certified
Independently verified and audited
SAS-70 Type II and SSAE16
More information about Amazon security and MongoDB Atlas
Is our data safe and secure?
Yes. We have appropriate physical, technical and organisational security measures to ensure your data is kept safe and secure.
All information is transferred securely using 256-bit HTTPS, just like online banking applications. The database storage and backups are encrypted at rest.
Authentic Digital Ltd (our company) is a registered data controller and all data is stored in the UK.
We manage our database using real time replication. That means that whenever you make a change we save it to at least three different places. Like a jumbo-jet losing an engine but still flying we can lose two databases and still keep running. We also take a backup of the database every hour.
We do everything required by law or regulation but we consider that the baseline. We continually evaluate whether we can and should do more.
We do not sell the personal information of our customers to third parties.
APPLICATION LEVEL SECURITY
sheepCRM account passwords are hashed. Our own staff can’t even view them. If you lose your password, it can’t be retrieved—it must be reset.
All login pages (from our website and mobile website) pass data via HTTPS.
The entire Sheep application is encrypted with HTTPS.
No credit card information is stored within Sheep.
INTERNAL IT SECURITY
Our office network has extremely limited exposure to Microsoft Windows. And that’s all we have to say about that.
All employees sign a Non Disclosure (Privacy) Agreement outlining their responsibility in protecting customer data.
Access to encryption keys is held by the smallest number of employees possible.
What are my responsibilities?
We can secure ourselves but you have a responsibility to ensure that your own computers are also secure. If your computer or Sheep account get compromised that is bad for us too. If you believe your account may have been compromised please change your password immediately and notify us at security@sheepcrm.com
You must choose a strong password that is unique to Sheep and not re-use an existing password.
You must never tell anyone your password. Sheep employees will never ask for your password.
You should change your password at least every 90 days
We recommend using a secure password manager such as LastPass or 1Password. These help you easily create and remember strong, unique passwords.
Don’t send any confidential data to us using email. Especially data to be imported or account credentials. (Contact us and we will advise on secure sharing)