Building Customer Trust by ensuring Data Security

 

Acquire Security

Acquire treats security as a top priority when dealing with customers’ data. We strive to implement robust and flexible security processes and practices to keep your data safe. Whether it’s a client logging in or a visitor starting a chat, the data exchanged is encrypted in transit and at rest. Acquire implements a multi-layered approach to support its People, Process, and Technology security requirements.

Acquire Security Model

Login Security
Acquire supports user authentication, user permission levels and activity trails to define the level of security within the application.
Each user can log in with their unique username and password, with a specific authorization and permission level controlled by the account administrator.
Password complexity can be customized to suit your organization’s environment. Authentication is established over the encrypted HTTPS protocol, and passwords are subsequently stored in an encrypted database.

Infrastructure Security

Acquire’s network, infrastructure and architecture have multiple protection layers that ensure the highest levels of security and control, which include:

Access Control
  • All customer data is considered highly sensitive and is protected, and access follows the principle of least privilege. All servers within our network are protected by Access Control Lists (ACLs) that prevent unauthorized requests from reaching our internal network.
  • Strict firewall rules limit access to the ports necessary for use of the service, ensuring limited access to the production environment.

Development, Patch and Configuration Management

All changes to the production system, be they code or system configuration changes, require review prior to deployment to the production environment.

All system changes are peer reviewed and patches are deployed as relevant to their level of security and stability impact, with critical patches able to be deployed well within 24 hours of availability as appropriate.

Network Security

Acquire uses firewall services for monitoring and alerting on abnormal behavior or system configuration changes.

All communication with the outside world passes through access-list enabled routers. Only the HTTP and HTTPS protocols are allowed into or out of Acquire’s service network.

Logical Security

Acquire enforces strict privacy controls to ensure data privacy and prevent one customer from accessing another customer’s data. Customer data is logically protected and segregated in a way that ensures only authorized entities are able to access it. Access control mechanisms have been implemented to efficiently support this goal.

Web Application Security

The main service that Acquire protects is live chat. All visitors ‘tagged’ with the Acquire tracking code and the chat sessions between chat agents and visitors are monitored.

The Application Service Provider (ASP) and Software as a Service (SaaS) models provide maximum flexibility for the broadest swath of potential customers worldwide.

Data transferred to and from the web applications is secured with a web application firewall.

Chat sessions are fully encrypted with 256-bit encryption.

Restricted redirection: The web domain has been designed to prevent customers from being redirected to malicious domains.

IP restrictions: A list of IPs is predefined so that they can be blocked to prevent access by unauthorized users.

Data and Encryption Policies

Data Collection

As an Application Service Provider, unless configured otherwise, Acquire collects information such as chat and messaging transcripts and information related to browsing on behalf of the brand.

Automatic information such as web browser and usage information, IP address, operating system, browser types, page view tallies, page browsing information and type of device used is also collected.

Personal information such as name and contact information, surveys, and transcripts with Acquire is collected as part of a visit to our website and use of our apps.

Encryption In-transit

Acquire’s end-to-end encryption ensures that only the communicating users can read what is sent, and nobody in between, not even Acquire. Messages are secured with a lock, and only the recipient and sender have the special key needed to unlock and read the message.

The cryptographic keys used to encrypt and decrypt the messages are stored exclusively on the endpoints.

Encryption At-rest (Data within Acquire)

Acquire uses a Secure Hash Algorithm (SHA-2) for all password entries.

Acquire stores customers’ sensitive data such as names, emails, phone numbers, remarks, and chat transcripts in a MySQL database.

MySQL enables Data-at-rest encryption by encrypting the physical files of the database. Data is encrypted automatically, in real time, prior to writing to storage and decrypted when read from storage. As a result, hackers and malicious users are unable to read sensitive data from tablespace files, database backups or disks.

Encryption Keys

Acquire has adopted a centralized key management solution, Azure Key Vault, which enforces clear separation of keys from the encrypted data. The encryption, key management, and decryption process is inspected and verified internally by Acquire.

The key management service is compliant with current standards such as NIST and FIPS.

Datacenter

Secure and trusted service providers

Acquire’s services are hosted in an advanced data center operated by a recognized industry leader, Microsoft Azure. Acquire has selected this vendor based on its proven leadership in hosting services for high-capacity businesses. Our vendor adheres to the highest industry standards of quality, security and reliability. Its commitment enables Acquire to deliver 24-hour service, 365 days a year to our customers.

Security

Azure meets a broad set of international as well as regional and industry-specific compliance standards, such as ISO 27001/27002:2013, FedRAMP, SOC 1 and SOC 2, CSA, FIPS 140-2, HIPAA, ISO/IEC 27018, PCI-DSS, and UK G-Cloud.

Business Continuity and Data Backup

Azure ensures that customers can balance the need to store backups at multiple locations in case of a disaster with the need to keep their data out of certain geographies. Microsoft provides clear data maps and geographic boundary information for all datacenters.

Physical and Environmental Security

Azure runs in geographically distributed Microsoft facilities, sharing space and utilities with other Microsoft Online Services. Each facility is designed to run 24x7x365 and employs various measures to help protect operations from power failure, physical intrusion, and network outages. These datacenters comply with industry standards (such as ISO 27001) for physical security and availability. They are managed, monitored, and administered by Microsoft operations personnel.

Security Awareness and Confidentiality

Security awareness and customer data access policies are covered during employee onboarding as appropriate to the role, and employees are updated as relevant policies or practices change. Employees also sign a Confidential Information and Intellectual Property Agreement.

In the event that a security policy is breached by an employee, Acquire reserves the right to determine the appropriate response, which may include termination.

Vetting

All employees undergo an extensive interview process before hiring. Employees with direct access to the production environment undergo a criminal background check. Other employees may undergo a check depending on their role (academic for legal roles, credit for finance, etc.).

Incidents and Response

Acquire has implemented a formal procedure to deal with security events and has made staff aware of our policies.

When security events are detected, they are escalated to the respective response team. The response time to address an event is 2 hours. We make sure to notify the supervisory authority of a Personal Data Breach within 72 hours of becoming aware of the breach.

Regulatory Compliance

Acquire has adopted industry-best security practices to meet regulatory and security compliance requirements.

ISO 27001:2013

Acquire is actively working on developing policies and procedures to meet the requirements for ISO 27001 compliance.