Security FAQ

Last modified on 2019-09-17 16:39:38

The following provides an in-depth overview of Zesty.io's security policies. For additional information, please refer to our Terms of Service or Privacy Policy.

Question

Answer

What is Zesty.io used for?

What data is held by Zesty.io, and where is it hosted?

How will users be authenticated, that is, how do we know a user is entitled to use the application?

Is Zesty.io accessible from mobile devices such as cell phones and tablets? If so, can access be restricted only to company-owned devices?

If a user (employee) of our company leaves, how will that user’s access to the service be terminated?

If the data were compromised what would the impact to our business be?

If Zesty.io unexpectedly goes out of business or is otherwise unable to supply the service what would the impact on our company be?

Is Zesty.io's hosting solution SAS 70 type II certified?

Can Zesty.io provide a detailed information security policy?

What software development processes does Zesty use to prevent security defects? Can we request to audit your adherence to these processes?

Would our employees ever log on to your hosted systems in any way while our company is using Zesty.io?

How would you inform our company if a security incident or data exposure involving our company data occurred? What steps would you take to mitigate any damage to our company if such an incident occurred?

How quickly would you inform our company if a security vulnerability were discovered? What steps would you take to mitigate any damage to our company if such a vulnerability were discovered?

Are Zesty.io data centers ISO 27001 certified? Are ecommerce payments PCI DSS certified?

Are any third parties involved in the provisioning of Zesty.io? If so, how do you ensure that these third parties or sub-contractors cannot negatively affect the security level of Zesty?

How does Zesty protect against loss of power, loss of network access, loss of other key infrastructural elements, non-availability of personnel due to severe weather events, and so on? Have you assessed these risks and do you have a documented business continuity or disaster recovery plan in place to address them?

Do you have an appropriately trained Information Security staff in place? What security certifications do they maintain?

Are Zesty.io employees aware of their obligation to maintain the confidentiality of all customer data? How is this documented? Are your business partners aware of their obligation to maintain the confidentiality of all customer data? How is this documented?

What do you do to protect against information security breaches by highly privileged insiders, such as inappropriate access to our company data by a system administrator?

May our company or our agents carry out information security and data protection audits of your hosted solution? Will our company also be able to carry out such audits on your subcontractors?

Will access to our company data and to the networks and systems used to process the data be secured by two-factor authentication?

Will our company's data be protected by encryption both in transit and at rest?

How will our company's data be segregated from other customers’ data?

Is Zesty's team prepared to assist our company to produce its data as necessary for litigation (E-Discovery)?

How do Zesty.io system administrators enforce the principle of least privilege? Do any administrators have unrestricted access to customer data or the systems and networks used to process the data?

Is Zesty.io compliant with all applicable national and international data protection laws and regulations?

Are Zesty.io employees aware of their responsibilities under applicable national and international data protection laws and regulations?

Where is Zesty.io hosted?

Does Zesty.io process any personal data relevant to EU data protection laws, as well as all applicable US state privacy laws?

Who do I contact if my question was not answered above?

How can you contact us about this notice?

If you have any questions or concerns about the privacy policy, please contact your account manager.