When considering data security and safety, we always consider and apply the following three aspects:
Security by design
Technical security
Operational security
Zive contractually guarantees all of these aspects and the related measures to its customers through the applicable contracts and, specifically, the data processing agreements.
Security by design
We believe that the most important security measures are already taken during the development of a software platform. This is when certain architectural design decisions are being made that ensure that the least amount of data necessary is being processed and that data is processed and stored securely. For example, a specific software architecture is required to ensure all data in transit and at rest can be fully encrypted with the latest encryption technology while making sure that the platform continues to perform at the desired speed.
Our software engineering teams consist of highly skilled and experienced software architects and developers who have decades of experience building reliable business software. Further, we make sure to keep our engineering teams trained on the latest security developments and technologies.
As a consequence, Zive was built from the ground up with security and personal data protection as a top priority. Our software architecture follows that of a state-of-the-art cloud platform, adopting patterns like least privilege, logical separation, service-oriented architectures, separation of concerns, and infrastructure as code. Due to this unique architecture, Zive does not require a full copy of the customer data. Instead, Zive only keeps a metadata representation (knowledge graph) to power the customers' searches and AI conversations.
Technical security
No software can work without data, which is why it is important to apply strict security measures to protect the data actually used by an application. As described above, we have developed Zive to minimize the data needed as well as the transactions and places needed to store it. Click here to learn more about the type of data that Zive stores.
The data that is required for Zive to work is protected through a variety of technical measures, each of which we review and improve regularly according to current standards. These measures include, amongst others:
Encryption of all data in transit and at rest using the latest TLS and AES encryption technology
Data integrity validation using signatures / hashes
Regular system and software updates
Firewalls and virus scanning
Internal virtual networks
Pseudonymization wherever possible
Separation of production and development systems
Separation of different processing systems
Separation of different storage systems
Separation of tenant data
Logging and audit trails
This list only outlines the most critical and common practices applied by Zive. Please review your data processing agreement (DPA) with us, which includes details about the specific measures taken.
Operational security
Besides measures taken on the architectural and technical level, we apply all standard procedures on an operational level to ensure customer data is protected at all times. These measures include, amongst others:
Physical and virtual access controls
Strict access and account management
Device management
Separation requirements
Non-disclosure agreements with employees and sub-processors
Regular employee training
Logging and audit trails
External data protection officer