Application, Platform, and Organizational Security.
Protect What Matters
Our customers place trust in Pagefreezer to secure data. Our application, platform, and organizational security is designed around the idea that no one should ever gain unauthorized access to electronic records.
Since Pagefreezer archives records across websites, social media accounts, mobile text messages, and enterprise collaboration platforms, the data is often valuable and sensitive. We want to do everything we can to help customers have secure archives. With this in mind, we offer a host of features to empower our customers with complete control over how archived data is accessed.
If you have any questions regarding security, please email [email protected].
If you would like to report a vulnerability or have any security concerns with any of our products, please contact [email protected].
Business Conduct and Ethics at Pagefreezer
Employees, contractors, and vendors of Pagefreezer are expected to act ethically and lawfully at all times. This means that all duties must be performed to the highest possible ethical standard and always in compliance with all relevant laws. As a business entity, Pagefreezer equally aims to uphold this high standard of behavior by dealing with all employees, vendors, customers, and other stakeholders in a fair and ethical manner.
All Pagefreezer stakeholders, including employees, partners, vendors, and colocation data centers, are always expected to protect the organization’s assets, including electronic, physical, and intellectual properties. This extends to all customer information and data we hold. Pagefreezer endeavors to be transparent in how we do this by providing third-party verification of all controls related to security and confidentiality.
To report any incident or concern related to the ethical conduct of Pagefreezer, or if you simply have questions, please contact [email protected]. We take your concerns seriously and always appreciate your feedback.
Pagefreezer Platform and Organizational Security:
SOC 2 Type I & II Compliance
Pagefreezer is SOC 2 Type 1 and Type 2 compliant. Our independent auditor’s report attests that Pagefreezer has put in place controls for information security and confidentiality that are suitably designed (according to the trust services criteria), and that after in-depth testing and examination, these controls operated effectively throughout the review period. Data centers we use in North America are also SOC compliant.
ISO 27001 Certification
Pagefreezer’s management system is ISO 27001:2013 certified, meaning that we consistently meet the security goals outlined in ISO 27001. This includes limiting data access only to those who are authorized, protecting data integrity by preventing unauthorized alteration, and offering customers reliable access to the data that they need. Data centers we use in Canada and Europe are also ISO 27001 certified.
Data Encryption and Access
All information we receive is transmitted via Secure Sockets Layer (SSL) technology and then encrypted in our database, where it can be accessed only by those authorized with special access rights to our systems, who are obligated to keep that information confidential. Access to all sensitive data and systems is restricted. We log and monitor access requests and the granting of access. In addition, we perform quarterly reviews of access logs and access procedures.
Security Screening and Training
At Pagefreezer, security screenings are conducted at the recruitment (or offer) stages of the hiring process, as well as on an annual basis for all existing personnel. Onboarding processes are in place to ensure security training is completed by all new hires and all security information and responsibilities relevant to their role are shared. Finally, Pagefreezer conducts annual company-wide security training in privacy and confidentiality, security controls and measures, information handling, acceptable use of assets, physical security, and social engineering security risks. (Additional training is also provided for specific teams.)
Monitoring for Security and System Health
Pagefreezer uses network and performance monitoring tools for ongoing monitoring of servers, systems, and applications to assess health and performance, availability, and capacity. Data aggregation and visualization tools are also used, including ones that explore and analyze the metrics and logs and visualize these so Pagefreezer’s team can view them in dashboards and configure automated alerts.
Pagefreezer has an Information Security Incident Management plan in place to ensure that all events related to information security—or weaknesses associated with information systems—are reported and responded to in a way that ensures timely identification of actual security incidents, appropriate investigation, consistent communication, initiation of corrective action, and resumption of information security.
Business Continuity and Disaster Recovery
Pagefreezer has created a Business Continuity and Disaster Recovery Plan (BCDRP) to prepare for, mitigate against, and effectively respond to major disruptive events or extended outages caused by factors beyond our control. Pagefreezer’s business continuity plan reduces risk and vulnerability by identifying critical Pagefreezer systems, services, and processes and the resources required to facilitate continuity in these areas.
Pagefreezer application security features:
Single Sign-On (SSO)
Pagefreezer offers single sign-on (SSO) as a way of logging into the Pagefreezer dashboard. This means that customers making use of an identity and access management (IAM) solution—like ADFS, OpenAM, Okta, or Ping Identity—can use it to grant their platform users access to the Pagefreezer dashboard.
Two-Factor Authentication (2FA)
2FA can be deployed to require users to authenticate with a second factor when logging into the Pagefreezer platform. When activating 2FA, administrators can choose between a security code sent via email or verification through a third-party app such as Google Authenticator.
IP Whitelisting
IP whitelisting allows platform administrators to limit access to specific IP addresses (or an IP range). This is useful in a scenario where an organization wants to ensure that employees can only access records from company premises.
User, Group, and Role Management
To ensure that organizations have control over who exactly has access to what electronic records, Pagefreezer offers advanced user, group, and role management that makes the appropriate provisioning of users simple and easy. The archive activities of all users are also logged to easily monitor actions.
Concurrent Login Management
To curb the sharing of credentials in the workplace and reduce the attack surface for a potential breach, platform administrators can control the number of concurrent logins for each user. For instance, should a second user log in with credentials already in use, the system will remove the original user from the platform.
Password Policy Management
Pagefreezer automatically enforces strong password policies for all accounts, but platform administrators can also set password policies that align specifically with an organization’s internal security requirements.
Timestamps and Digital Signatures
Pagefreezer timestamps each archived page using an RFC 3136 compliant Time Stamp Authority (TSA) synchronized with the atomic clocks of a Stratum-1 Time Server. This non-refutable timestamp cannot be altered without detection. Each archived page also carries a SHA-256 digital signature, ensuring data integrity and authenticity.
Audit Logs
Audit logs give platform administrators detailed insight into all activities on the system, including what exactly was done, who did it, and when this activity took place.