Security at Pasito
Security is a foundational element of Pasito’s product design and operations – security is first and foremost. Pasito’s security program is built upon industry-recognized standards and we continuously improve Pasito’s security program to remain in line with industry standards. Pasito’s security program is designed to:
- Ensure the security and integrity of Customer Data;
- Protect against threats or hazards to the security or integrity of Customer Data;
- Prevent unauthorized access to Customer Data;
- Ensure the availability of the Pasito Product;
- Safeguard information as set forth in any local, state, or federal regulations by which Pasito may be regulated.
Pasito uses industry-recognized encryption to protect data at rest and in transit. Pasito uses AES 256-bit encryption to protect data at rest in backend data stores and TLS 1.2 (or higher) to protect data in transit.
- Service level agreements
Pasito builds resiliency into its products to provide robust service level agreements for uptime for customers.
- Data Storage and Isolation
Pasito’s customers’ data is always stored properly — encrypted at rest in Pasito’s backend databases or object stores in Pasito’s cloud service providers. Data from one customer cannot be accessed by another customer. Pasito’s production environment is isolated from Pasito’s development and testing environments.
- Access Management
Access to production systems and data is restricted to vetted, authorized personnel. Personnel access is established based on roles, using the principle of least privilege, and requires multiple factors to authenticate.
- Data Location and Redundancy
The Pasito Product is hosted on Amazon Web Services (AWS), which has robust security and privacy programs, as well as commitments to encryption, data security, confidentiality, and availability. Pasito’s AWS environments are built with resiliency and scale in mind, with the ability to distribute documents and servers between various physical locations within an AWS region. These regions are built to use geographically dispersed physical locations within the same region to allow for effective redundancy and protection against disaster that might impact a single location within a region.
- Single Sign-On (SSO)
Pasito encourages its customers to use their identity and access management technology or SAML-based Single Sign-On (SSO) provider to authenticate to Pasito. Pasito plugs into popular SSO solutions, for example, Okta.