Security Overview 

As a workplace program discovery tool, Five to Nine uses rigorous infrastructure and administrative procedures to protect all customer information. We maintain a highly secure environment that meets the physical and data protection requirements needed by your business. Your safety and trust are our #1 priority when working with us, and we’ve implemented the policies and procedures to ensure secure usage of our platform.

Risk Management

Five to Nine monitors for potential incidents related to security and/or privacy. Events are reported through a tracking system and trigger internal alerts, data collection, isolation, correction, and prevention measures. We will notify a customer’s security team about any specific incident.

Business Continuity and Disaster Recovery

Five to Nine technology resources are designed to withstand disruptions in normal operations. All internal systems are cloud-based, enabling execution from multiple locations in the event of a disaster. All customer-provided services are managed in various zones, eliminating single points of failure.

Policies & Procedures

Five to Nine policies, procedures, and training address data privacy, security, and regulations, including employee background checks, handling of confidential information, and data retention. We require all our third-party technology partners to meet the same level of data privacy and security requirements.

Vulnerability and Penetration Testing

Five to Nine follows secure coding practices consistent with the Open Web Application Security Project (OWASP) and utilizes peer review throughout the development process. Security testing includes code review, penetration testing, and employing static code analysis tools on a periodic basis to identify flaws.

Security Features

Physical Security

Five to Nine uses data centers that are secure, guarded, and monitored 24/7 utilizing video surveillance, intrusion detection systems and other electronic means. Authorized staff must utilize multi-factor authentication to access any data center. All physical access to data centers by AWS employees is logged and audited.

Certifications

Five to Nine complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield. Third-party organizations and companies have certified AWS against many laws and compliance regulations, including ISO, InfoSec, and GDPR.

Encryption

All encryption and other cryptographic functionality used within the Five to Nine services uses industry-standard encryption and cryptographic measures aligned with the standards promulgated in FIPS 140-2.

Backups

Systems are backed up regularly with backups stored off-site. If any data is lost or becomes temporarily unavailable, it can be restored from the latest backup. Backups are stored on the Amazon S3 service with high availability and reliability, persisting the data across multiple availability zones.

Incident Management

Five to Nine maintains an up-to-date incident response plan that includes responsibilities, how information security events are assessed and classified as incidents, and response plans and procedures. In the event of a security breach, Five to Nine will notify Customers without undue delay after becoming aware of the security breach.

Data Separation

Five to Nine uses logical separation within its multi-tenant architecture to ensure data segregation between customers. Customers only have access to their own Customer Data, which is available upon request.