The main purpose of this document is to describe the level of availability of the platform.

Content:

• Availability and accessibility target

• Hosting architecture description

• Security monitoring

• Security backups

• Infrastructure and application security

• Patch management

• Network security

• Physical security

• Maintenance services

• Support services

• Severity levels description

• Response and resolution times

• Update services

The main purpose of this document is to describe the security measures and responsibility shares between Agorize and the client.

Content:

• Agorize’s architecture / Shared Security Model

• Agorize and Cloud Providers responsibilities

  • Cloud Providers responsibilities

  • Agorize responsibilities

• Data localization

• Agorize’s commitments

  • Privacy controls

  • Organizational controls

  • Physical access controls

  • System access controls

  • Methods of authentication on Client platforms

  • Available roles inside platforms

• Disclosure controls

• Input controls

• Disaster recovery controls

• Purpose separation controls

• Encryption

• Appendix 1: Agorize platform architecture diagrams

• Appendix 2: Detailed architecture inside kubernetes cluster

The main purpose of this document is to describe how Agorize uses the client’s data and under which category this data is.

Content:

• Nature and purpose of the data processing

• Types of Personal Data Processed

• Categories of Data Subjects

• Data Protection Contacts

• List of Agorize Sub-processors

Agorize undertakes to comply with the provisions of the General Regulations on the Protection of Data (GDPR) and to protect the privacy of its customers, employees and partners commercial.

Appendix of the GDPR Data Processing Agreement

Statement regarding Web Accessibility with WCAG A-AA compatibility

Content:

• IT Systems and Assets management process

• Agorize protection against inappropriate management of IT Assets and Systems

• Requirements ensuring systems usage within contractual limits

• ensure purchases align with Agorize’s strategic plans and comply with set standards

• Information Asset Registers of IT systems

• IT Department asset management system registration

• IT assets are compatible, supported, maintainable and correctly licensed

Change Management provides a process to apply changes, upgrades, or modifications to the Agorize production environment. This covers any and all changes to the hardware, software or applications. The process is used for any change that might affect one or all of the environments that the Agorize customers rely on to conduct normal business operations. It also includes any event that may alter the normal operating procedures.

Content:

• 1. Acceptable Use Policy

• 2. Confidential Data Policy

• 3. Email Policy

• 4. Mobile Device Policy

• 5. Password Policy

• 6. Infrastructure Policy

• 7. Wireless Access Policy

• 8. HR Security Policy

• 9. Incident Management Policy

The scope of this plan is focused on localized disasters such as fires, floods, and other localized natural or man-made disasters. This plan is not intended to cover major regional or national disasters such as regional earthquakes, war, or nuclear holocaust. However, it can provide some guidance in the event of such a large scale disaster.

Logical Access control rules and procedures are required to regulate who can access Agorize information resources or systems and the associated access privileges. 

This policy applies at all times and should be adhered to whenever accessing Agorize information in any format, and on any device.

The Data processing aggreements, aka DPA, are standard contractual and legal documents signed between Agorize and all sub-contractors processing platform's data.

Content:

• AWS DPA - data storage

• Algolia DPA - data indexing

• Filestack DPA - File management. Filestack has been recently acquired by Idera Inc. New Filestack legal documents are vailable here: https://www.ideracorp.com/legal/filestack#tabs-2

• Mailchimp DPA - platform emailing

Agorize is certified under ISO/IEC 27001 : 2013 for the following activities: PLATFORM DEVELOPMENT, DEPLOYMENT AND OPERATION.