MyWorkpapers and your Data Security
This Security Policy governs the processing of data provided by a Subscriber in connection with their user agreement (“Agreement”) or through the use of the MyWorkpapers Services. By using the Software, our services, or our website, or by signing an Agreement with MyWorkpapers, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Sites or Application.
Keeping your business safe
There is a lot of legitimate concern about cyber-security with many malicious actors seeking to access data or extract money using malicious online methods.
MyWorkpapers has an Information Security team that is dedicated to maintaining the security of client data in MyWorkpapers, MyWorkpapers itself, and of course all our internal systems that support our business.
Data on the MyWorkpapers Servers
Being a cloud solution, the software and all client data is stored on MyWorkpapers Servers, which are built on the GCP and Rackspace platform.
GCP and Rackspace provide a leading cloud services platform, providing database storage, content delivery and a range of other functions.
GCP and Rackspace makes security a top priority, providing a data centre and network architecture built to meet the requirements of the most security-sensitive organisations. GCP and Rackspace are constantly evolving core security services such as identity and access management, logging and monitoring, encryption and key management, network segmentation and Denial of Service (DDoS) protection.
MyWorkpapers stores data in the jurisdiction of origin. MyWorkpapers actively works to take advantage of GCP and Rackspace services, following Information Security best practices.
MyWorkpapers also makes continuous backups, so your MyWorkpapers data will be up to date to the time you last connected to the Internet.
We keep your MyWorkpapers data safe by adhering to industry best practices.
GCP and Rackspace provide an extensive and constant Cyber Security presence and MyWorkpapers too has its own Information Security Team. We continually monitor our GCP and Rackspace environment, implementing updates and patches in line with best practices prescribed by GCP and Rackspace.
You can find out more about GCP and Rackspace security from the GCP and Rackspace websites.
MyWorkpapers’ cloud infrastructure is maintained by industry leading cloud platform providers, GCP and Rackspace, in multiple unmarked facilities within the applicable region.
The terms of agreement between MyWorkpapers & GCP and Rackspace, are on standard terms for these providers and further details are available from the GCP and Rackspace websites.
GCP and Rackspace has achieved a substantial amount of certification and compliance in industry standards, which recognise best practices in Information Security.
For a full listing of GCP and Rackspace certification and compliance, visit the GCP and Rackspace websites.
MyWorkpapers utilises multiple layers of security controls (software, physical and process based) to protect our client data. This includes, but is not limited to:
- Local & Network Firewalls
- Web Application Firewalls
- Intrusion Detection Systems (IDS)
- DDoS Throttling Services
- Access Control Lists
- Security Patch Management
- Identity and Access Management
- Centralised Log Management
- Symmetric and Asymmetric Encryption systems
- Two Factor Authentication
- Separation of Duties
- Vulnerability Assessment
- Anomaly Detection
- Externally commissioned penetration testing
- Remote Monitoring & Alerting
MyWorkpapers understands security is of foremost importance to our clients. These are some of the security measures we implement to strengthen security for your business.
Each MyWorkpapers application is accessed via HTTPS using Transport Layer Security (TLS). TLS is a cryptographic protocol designed to protect information transmitted over the internet against eavesdropping, tampering, and message forgery.
Once client data reaches MyWorkpapers’ cloud infrastructure, all information is then encrypted at rest, using AES-256, military grade encryption.
All MyWorkpapers staff who have direct access to our cloud infrastructure must go through an extensive vetting process, which includes police background checks. This ensures only bona fide team members are selected to look after our core platform.
MyWorkpapers has been designed to be a highly available, active-active solution. MyWorkpapers services are split over multiple GCP and Rackspace datacentres within the applicable region. In the event of one data centre going offline in a disaster scenario, the second data centre continues to serve data with minimal, if any, service interruption.
MyWorkpapers’ service is designed to scale up as more clients use it at peak times, and then scale down at low times. This scaling allows MyWorkpapers to mitigate external attacks trying to flood our system resources.
The data contained in MyWorkpapers remains the property of the licensed subscriber. If the subscriber ends their agreement with MyWorkpapers, MyWorkpapers will retain the data for a minimum of seven (7) years, before having it destroyed.
At any time during the post active subscription, seven (7) year period, a subscription can be reactivated to gain access to the client data. Unless directed by the customer to remove all copies of data, backups of the data may remain in MyWorkpapers archives as part of our standard retention policies.
MyWorkpapers servers are backed up multiple times daily, weekly and monthly.
MyWorkpapers is monitored 24hours a day, 7 days a week, 365 days a year.
Found a Vulnerability?
At MyWorkpapers, we strive to have the most secure solution we can. If you believe you’ve found a security vulnerability in our platform, please let us know on firstname.lastname@example.org.
Report a Data Breach
If you believe MyWorkpapers client information has become publicly available, outside of MyWorkpapers, please contact us immediately on email@example.com for validation.
MyWorkpapers has a duty of care of our client’s data. If a data breach occurs, we must notify affected clients immediately.
This statement reflects the security policy of MyWorkpapers and is regularly reviewed and updated. It should be regarded as the primary source of truth regarding security within MyWorkpapers. Any questions should be directed to firstname.lastname@example.org.