Security

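The security of your documents is PandaDoc's top priority. Your business documents contain information that only you and your clients need to see, and we intend to keep it that way. Every day, we make sure our security is in line with industry standards and compliance acts.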

HIPAA compliant

PandaDoc is fully committed to helping healthcare providers protect patients’ healthcare information when sending ePHI via PandaDoc. PandaDoc is compliant with HIPAA and the Privacy Rule, as well as the Administrative Safeguards, Physical Safeguards and Technical Safeguards of the Security Rule.

Certification

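PandaDoc is SOC 2 Type II certified. We can provide our SSAE 18 SOC 2 report and attestation of compliance upon request. PandaDoc services are hosted on the Amazon AWS platform, and this document details the ways in which we leverage Amazon's massive investments in security to continue providing security to our customers.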

GDPR compliance

PandaDoc recognizes that protecting privacy requires a holistic security program. We’ve completed extensive research and created a resources page with detailed information explaining what GDPR is and how PandaDoc is compliant.

Physical security

PandaDoc data centers (handled by Amazon AWS) are state of the art, utilizing innovative architectural and engineering approaches. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure.

Third-party sub-processors

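PandaDoc currently uses third-party sub-processors to provide various business functions, after performing due diligence to evaluate their defensive posture, and executes an agreement requiring each sub-processor to maintain minimum acceptable security practices.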

FERPA

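PandaDoc helps schools facilitate electronic communication among educators, administrators, school districts, parents and students, in full compliance with FERPA (20 U.S.C. § 1232g; 34 CFR Part 99), to protect the privacy of student education records.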

Software security

Servers and networking

All servers that run PandaDoc software in production are recent, continuously patched Linux systems. Additional hosted services that we utilize, such as Amazon RDS, S3 and others, are comprehensively hardened AWS infrastructure-as-a-service (IaaS) platforms.

Storage

PandaDoc stores document data such as metadata, activity, original files, and customers’ data in different locations while also compiling and generating documents when requested. All data in each location is encrypted at rest with AES-256 and sophisticated encryption key management.

Coding and testing practices

PandaDoc utilizes industry-standard programming techniques such as having documented development and quality assurance processes, and also following guidelines such as the OWASP report, to ensure that the applications meet security standards.

Employee access

We follow the principle of least privilege in how we write software, as well as in the level of access employees are instructed to use in diagnosing and resolving problems in our software and responding to customer support requests.

Isolated environments

The production network segments are logically isolated from other Corporate, QA, and Development segments.

Customer payment information

PandaDoc uses external, secure third-party payment processing and does not process, store, or transmit any payment card data.

System monitoring and alerting

At PandaDoc, the production application and underlying infrastructure components are monitored 24/7/365 by dedicated monitoring systems. Critical alerts generated by these systems are sent to 24/7/365 on-call DevOps team members and escalated appropriately to operations management.

Service levels and backups

PandaDoc infrastructure utilizes many layered techniques for increasingly reliable uptime, including the use of auto-scaling, load balancing, task queues, and rolling deployments. We do full daily automated backups of our databases. All backups are encrypted.

Vulnerability testing

Web application security is evaluated by the development team in sync with the application release cycle. This vulnerability testing includes the use of commonly known web application security toolkits and scanners to identify application vulnerabilities before they are released into production.

Application architecture

The PandaDoc web application is multi-tiered into logical segments (front-end, mid-tier, and database), each independently separated from each other in a DMZ configuration. This guarantees maximum protection and independence between layers.

Responsible vulnerability disclosure

If you discover a vulnerability, please follow the responsible vulnerability disclosure process to report it to our Security team.