DadeSystems' top priority is keeping all of our customers' data secure. We utilize an industry-leading cloud provider who is recognized for their standards in security. To that end, we are audited annually for both SOC 1 and SOC 2, and we apply our own security protocols at the organizational, architectural, and operational levels to ensure that your data, applications, and infrastructure remain secure.
All DadeSystems employees receive security, privacy, and compliance training when they are hired. Regular training is held throughout the year to keep staff current on security practices and new procedures. Employees at DadeSystems have varying levels of security access depending on their role, and training is tailored to that role. In the end, security is everybody's responsibility at DadeSystems.
Our customers are responsible for entering their data into DadePay and are therefore the data controller; DadeSystems is the data processor. This means that you have full control of the data entered into the services, as well as all setup and configuration. Because you control your data, and we only process it, you won't have to rely on us to perform day-to-day tasks.
DadeSystems encrypts every sensitive attribute of customer data before it’s persisted in a database. This is a fundamental design characteristic of the DadeSystems technology.
DadeSystems security access is role-based, supporting LDAP Delegated Authentication, SAML for single sign-on, and certificate authentication for both user and web services integrations.
SAML allows for a seamless, single-sign-on experience between the customer’s internal web portal and DadeSystems. Customers log in to their company’s internal web portal using their enterprise username and password and are then presented with a link to DadeSystems, which automatically gives customers access without having to log in again.
DadeSystems Native Login
For customers who wish to use our native login, DadeSystems stores only a secure hash of the DadeSystems password, never the password itself. Unsuccessful login attempts are logged, as is successful login/logout activity, for audit purposes. Inactive user sessions are automatically timed out after a customer-configurable period that can be set per user.
DadeSystems applications are hosted in state-of-the-art data centers designed to protect mission-critical computer systems with fully redundant subsystems and compartmentalized security zones. Our data centers adhere to the strictest physical security measures including, but not limited to, the following:
• Multiple layers of authentication for server area access
• Two-factor biometric authentication for critical areas
• Camera surveillance systems at key internal and external entry points
• 24/7 monitoring by security personnel
All physical access to the data centers is highly restricted and stringently regulated.
DadeSystems has established detailed operating policies, procedures, and processes designed to help manage the overall quality and integrity of the environment.
DadeSystems has implemented an enterprise Secure Software Development Life Cycle (SDLC) to help ensure the continued security of all applications.
This program includes an in-depth security risk assessment and review of DadeSystems features. In addition, both static and dynamic source code analyses are performed to help integrate enterprise security into the development lifecycle. The development process is further enhanced by application security training for developers and penetration testing of the application.
DadeSystems contracts with third-party expert firms to conduct independent internal and external network, system, and application vulnerability assessments.
We contract with a leading third-party security firm to perform an application-level security vulnerability assessment of our web and mobile application prior to each major release. The firm performs testing procedures to identify standard and advanced web application security vulnerabilities.
External vulnerability assessments scan all internet-facing assets, including firewalls, routers, and web servers, for potential weaknesses that could allow unauthorized access to the network. In addition, an authenticated internal network and system vulnerability assessment is performed to identify potential weaknesses and inconsistencies with general system security policies.