What are your security practices?
All communication between users and RPM is encrypted in transit using TLS. Database backups are encrypted at rest and in transit using AES 256. Databases at rest are encrypted using AES 256.
Software security practices
RPM performs manual and automated regression and manual testing on every version of RPM we develop. Security testing is performed on RPM’s live servers using Netsparker.
- RPM does not allow obsolete SSLv3 connections (requires TLS).
- RPM does not store plain-text passwords.
- RPM does not require the client to have Java or Flash.
- RPM Software employees with access to the production network is tightly controlled, can only do so over individual VPN connections, and require two-factor authentication.
Notification and data access
RPM have internal policies and processes for all aspects of operating RPM including such things as data access, change management, disaster recovery, account security, and security breach notification.