EMANAGE CRM DEVELOPMENT INC.
Data Security Statement
Effective on: January 1, 2021
CRM is committed to providing best-in-class sales and marketing automation software for small businesses. In support of this commitment, CRM has developed information security risk management policies to reasonably ensure the confidentiality, integrity, and availability of Your Data that You upload to the CRM services. This Data Security Statement (the "Statement") describes some of the security controls that CRM has implemented pursuant to those policies. This Statement applies to CRM services but not necessarily to the other related services provided by CRM or to our publicly accessible websites.
Capitalized terms used in this Statement but not defined herein shall have the meaning given to them in the CRM Subscription Use Agreement.
Audits and Certifications
CRM has completed and/or maintains the following data protection audits and certifications:
PCI DSS
CRM is a PCI Level 1 credit card processing platform. A Certificate of Compliance has been issued to the Company and is available upon request. Please contact contactus@emanagecrm.com or support@emanagecrm.com to request this documentation.
Infrastructure
Your Data that You submit to CRM services is stored with third-party infrastructure service providers (the “Data Center Providers”) in multiple locations with automated and regularly scheduled multi-region and geographically remote backups. Additionally, all infrastructure configuration information is maintained separately from the Data Center Providers. Secondary locations are provisioned with sufficient computational, network, and storage resources to replace the functionality of the primary locations and restore the services if required.
Vendor Risk Management
CRM ensures that Data Center Providers have recently completed a Service Organization Controls (SOC) 2 Type II audit. Additionally, those third parties are contractually obligated to maintain the confidentiality of Your Data to the fullest extent allowed by applicable law.
Physical Security Controls
- Access to the Data Center Providers' data center facilities is restricted to authorized personnel only.
- The Data Center Providers' data center facilities are secured by professional security guards.
- A physical access control system (ID card and/or biometric) has been implemented at entry and exit points of the Data Center Providers' data center facilities.
- All visitors must be escorted by an employee of the Data Center Providers or, in some cases, a permanent badge-holder at all times when visiting the Data Center Providers' data center facilities.
Availability and Disaster Resistance
- The Data Center Providers' data center facilities are designed, built, and maintained to withstand reasonably foreseeable adverse weather and other natural conditions.
- Processing capacity is monitored on a daily basis.
- The Data Center Providers have installed and maintain at least the following environmental protections:
  - Cooling systems
  - Battery-powered backup electrical supply and/or backup electrical generators
  - Redundant communications lines
  - Smoke/fire detectors
  - Automatic fire suppression systems
CRM’s Data Security Controls
Technical Security Controls
CRM maintains at least the following technical security controls and policies:
- The CRM-authored software application product offerings provide end-to-end encryption using the Transport Layer Security (TLS) protocol version 1.2 or higher with a minimum of 128-bit encryption for personal data in transit.
- Personal data within CRM-authored software application product offerings is encrypted using, at a minimum, AES-256.
- The CRM-authored software application product offerings and IT systems are regularly scanned/monitored for vulnerabilities.
- The CRM-authored software application product offerings and IT systems are patched expeditiously.
- External points of connectivity in the CRM network architecture are protected by firewall(s).
- Network and database activity are logged and actively monitored for potential security events including intrusion.
- CRM user passwords are stored in a one-way hash.
Administrative Security Controls
CRM maintains at least the following administrative security controls and policies:
- Physical and logical access to IT systems that process Your Data is limited to those officially authorized persons with an identified need for such access.
- CRM’s workforce participates in data protection awareness training.
- CRM conducts pre-employment background checks to help ensure employee reliability.
- CRM has implemented a disaster recovery plan, which will be regularly tested. The IT systems architecture of the CRM Service includes redundant backups of critical hardware and software components.
Data Protection Officer