Mensch has made it its mission to keep its customers’ data secure and to apply all possible measures to ensure personal data is safe and protected, in accordance with best practices, industry standards, and legislation.
Tenant’s data - Tenant data is separated logically: we use sharding and partitioning to separate the data and access it quickly and securely for each tenant.
Files Encryption - Files associated with an employee are stored in S3 buckets, under secured logical "folders". We also encrypt all documents that contain signatures, to support the UETA standard.
Encryption Keys - We store encryption keys in AWS KMS for data we encrypt throughout the application.
Backup - DB backup is performed daily in different AWS EU regions for quick recovery.
Protection - To protect our servers, we follow AWS security guides & best practices. Numerous tools and services are used to protect our infrastructure and our customers’ valuable data:
a. AWS DutyGuard
b. AWS WAF
c. Different VPC for each environment
d. Private VPN for terminal usage, with auditing of such usage
CI/CD - We reduce employees’ access to the Production environment by using Docker & KBS to deploy our environment.
3rd party Security - We use 2FA for every 3rd party that allows it.
Mensch 2FA - Mensch supports 2FA internally for users that were created within Mensch, and gives the option to use Google Auth/Office365 to log in to Mensch.
3rd party GDPR - 3rd party services are used in accordance with GDPR regulation.
Security tests - We constantly perform security tests to ensure the safety of our application and data. Pentesting, security scans, and threat detection are performed by numerous services.
SOC2 - Mensch is in the process of SOC2 auditing and we hope to finish the process within 2019 H2.
Code inspection - Code Reviews are done for every line of code that goes into production, to maintain high-quality code and prevent security breaches.
Data Transfer between Client & Servers - Mensch uses HTTPS, as it is an industry standard. The encryption of the data is based on TLS (Transport Layer Security) using a symmetric-key algorithm with a 256-bit key.
Who has access to Mensch database? Mensch limits access to its database, allowing access to no more than a handful of senior employees (CTO, 2 Senior employees, Head of CS access to UI). Access to the database is protected by a secure VPN service.
We are constantly mapping our app with relevant tools.