We’ve implemented organizational and technical safeguards to secure all data hosted at Logiforms, in compliance with GDPR, PCI and HIPAA requirements. Security is our top priority.
Logiforms has never had a data breach in our 17-year history, and our team works hard every day to maintain and improve our track record.
- Privacy and Security by Design
- Code Deployment & Review Best Practices
- Physical Security
- Network Security
- Staff Clearance, Training, and Policies
- Mandatory Training
- Access to Customer Data
- Support Access
- Security Incident Management
- Vulnerability Management
Privacy and Security by Design
Logiforms software engineers and product managers are all trained on PCI, GDPR and general privacy best practices. We design applications with Privacy and Security by design as a guiding principle.
Code Deployment & Review Best Practices
Logiforms uses best-practice coding standards and peer code reviews, managed through our Bamboo build server, to ensure that new commits to our repository have been peer-reviewed for security before being released in a new build. All code is written to protect against common attack vectors such as SQL injection and XSS attacks.
Physical Security
Physical access to our data centers is limited to authorized Logiforms personnel only, with access verified using biometric controls. Physical security measures for our data centers include on-premises security guards, closed-circuit video monitoring, mantraps, and additional intrusion protection measures.
- Controlled access systems requiring biometric authentication
- Video-monitored access points
- Intrusion alarms
- Dedicated locking cabinets
- Climate control systems
- Waterless fire-suppression systems
- Redundant power (generator backup, UPS, no single point of failure)
- Redundant Internet connectivity
- Canadian-based CSAE 3416 Type II facility
Network Security
The Logiforms network is designed from the ground up to present a limited attack surface and to expose only the services necessary to deliver our products. We maintain strict network segmentation between production and non-production systems.
Access to our production networks is heavily restricted through strict firewall rules and requires multi-factor authentication and encrypted connections. Intrusion detection and prevention systems monitor traffic on all our networks to identify potential security issues.
Staff Clearance, Training, and Policies
All Logiforms staff and contractors are required to pass a criminal background check before starting with us and are also required to sign a series of agreements ensuring they understand the confidential nature of their positions. All staff sign confidentiality agreements, PCI & Data Security Standards Acknowledgement Agreements, HIPAA Confidentiality and NDA agreements, and Sensitive Materials Access agreements.
Mandatory Training
The following individual training has been completed by all Logiforms Staff and Contractors who may have any access to customer data:
- HIPAA & HITECH Compliance Training for Employees of Covered Entities
- Information Security Awareness and Privacy Training
- Safe Remote and Mobile Computing
- PCI Awareness and Security Training for Back Office Employees
- GDPR (European General Data Protection Regulation) Awareness
Subsequently, during the onboarding process, security awareness courses are delivered to these new hires.
All staff workstations are also scanned for vulnerabilities, and all workstations run firewall and AV software. All staff access to the Logiforms network is via VPN with a compliance protocol.
Access to Customer Data
Access to customer data is on a ‘need to access’ basis only.
Logiforms treats all customer data as sensitive, and we’ve implemented stringent controls governing this data. Awareness training is provided to our internal employees and contractors during the onboarding/induction process, covering the importance of and best practices for handling customer data.
Within Logiforms, only authorized Logiforms employees have access to customer data stored in our applications.
Unauthorized or inappropriate access to customer data is treated as a security incident and managed through our incident management process. This process includes instructions to notify affected customers if a breach of policy is observed.
Support Access
Our support teams will only access customer data when necessary to resolve an open ticket. All support team member access to data is logged and reviewed to ensure compliance.
Security Incident Management
Our incident response plan ensures speed and efficiency in response to any detected security incident. We pride ourselves on being ready to respond quickly to keep any potential impact as low as possible.
The Logiforms security team aggregates logs from firewalls, web servers, database servers and other systems in our hosting infrastructure and uses a SIEM platform to monitor and flag suspicious activity. Alerts are triaged, investigated further, and escalated appropriately.
In the event of a security incident, the Logiforms incident response plan and team of experts (both internal and external subject matter experts) have the resources and expertise to investigate and resolve any issue.
Vulnerability Management
We have an extensive vulnerability management program to ensure that we are actively seeking out weaknesses that may be present in our environment.
The Logiforms security team performs ongoing network vulnerability scans and application-layer vulnerability scanning from a Payment Card Industry Approved Scanning Vendor. Our network and application vulnerability scan results are reviewed, and any vulnerability found is prioritized by its CVSS severity level and patched.