We understand that effective security is a collaborative effort between us and our customers. To ensure the highest level of data protection and service integrity, our customers are entrusted with several key responsibilities:
Securing Authentication Details: The security of authentication credentials, like passwords, is paramount. Customers are responsible for safeguarding their login information to prevent unauthorized access to their accounts.
Utilizing Security Features: We offer a suite of security functionalities, including two-step authentication and Single Sign-on. Customers are encouraged to actively use these features to bolster the security of their data.
Access Control Management: Customers have the autonomy to manage access permissions within their organizations. This involves ensuring that sensitive information is accessible only to authorized personnel, thereby maintaining data confidentiality and integrity.
Responsible Contract Distribution: When distributing contracts or sensitive documents, customers must ensure that they are sent to the intended recipients. This is crucial to avoid any data breaches or miscommunication.
Management of Exported Data: Any contracts or data exported from our platform come under the customer's responsibility. We advise our customers to handle such data with diligence and ensure its security, as they would within our platform's environment.
AGREEMIND DOES NOT OFFER LEGAL ADVISORY SERVICES. The information provided is intended solely for information, based on our research, current understanding of relevant regulations and training models. Any information provided by our products should be used at the customer's own discretion and risk. For specific legal advice, we recommend consulting with qualified legal professionals within your jurisdiction and area of business.
CUSTOMER RESPONSIBILITY
At Agreemind, safeguarding data through cutting-edge encryption technology is a cornerstone of our commitment to security. Our comprehensive encryption strategy encompasses both data in transit and data at rest, ensuring your information is protected at every stage.
Encryption in Transit: We use the TLS 1.2 protocol to encrypt data as it moves from the public internet through our content delivery network (CDN) edge points and into our internal network. This continuous encryption pathway guarantees that your data remains secure and inaccessible to unauthorized parties as it travels across the internet.
Encryption at Rest: When it comes to storing your data, we implement the Advanced Encryption Standard (AES) with a 256-bit key. This level of encryption is recognized globally for its strength and is used to secure data across our databases, servers, and file storage systems. By encrypting data at rest, we ensure that even when your information is stored, it remains protected against any unauthorized access or breaches.
AGREEMIND'S ADVANCED ENCRYPTION STANDARDS
Our primary duty is to safeguard the security and integrity of our platform, as well as the infrastructure and network that underpin our service. We are committed to ensuring the confidentiality, integrity, and availability of all data stored and processed through our systems. To achieve this, we employ rigorous security measures, including:
Encryption Standards: We deploy strong encryption protocols to protect data both during transit and while at rest. This ensures that all information flowing through our platform and stored on our servers remains secure and inaccessible to unauthorized parties.
Regular System Updates: Our commitment to security includes regularly updating our application to incorporate the latest security patches and enhancements. This practice is vital in maintaining the highest level of protection against evolving cyber threats.
Redundant and Reliable Service: To provide a consistent and reliable service, our platform is hosted across multiple geographically separated locations. This redundancy strategy is designed to prevent service interruptions and data loss, even in the event of localized failures.
Security-Enhancing Features: Recognizing the diverse needs of our customers, we offer a variety of security-enhancing functionalities. These features are adaptable to different risk landscapes and operational requirements, allowing our customers to customize their security settings in alignment with their specific compliance and security obligations.
AGREEMIND'S RESPONSIBILITY
Our ISO 27001 certification is a testament to our commitment to international information security standards. Aligned with ISO 27001 and the NIST framework, Agreemind has a suite of internal policies forming our Information Security Management System. These policies, ranging from risk management to secure development, govern our approach to maintaining the highest security and privacy standards.
Our robust security framework is supported by comprehensive internal policies, including:
- Information Security Policy
- Acceptable Use Policy
- Change Management Policy
- Decommissioning and Destruction Policy
- Information Security Risk Management Policy
- Information Security Incident Management Procedure
- Business Continuity and Disaster Recovery Policy
- Supplier Security Policy
- Secure Development Policy
- Workplace Policy
These policies ensure consistency in our security posture and guide our operations in protecting your information assets.
INTERNAL POLICIES FOR COMPREHENSIVE SECURITY
Our data governance standards, policies, and procedures are further shaped by various factors:
Global Certifications and Attestations: Agreemind maintains globally recognized certifications such as ISO 27001.
Expert Teams: We work with dedicated teams specializing in privacy, information security, physical security, internal audit, compliance, and supplier risk.
Data Privacy and Security Assurances: Our customer contracts include comprehensive assurances for data privacy and security.
Our compliance framework integrates industry regulations such as 21 CFR Part 11, Annex 11 (EU), and the Health Insurance Portability and Accountability Act (HIPAA).
Data Backup and Storage: To further safeguard data, we implement rigorous logging and backup protocols. System and authentication logs are retained for 90 days, with a portion of these backups stored off-site for added security. Regular backup processes are in place, ensuring data is safely stored in highly secure data centers.
COMPREHENSIVE DATA GOVERNANCE: ADHERING TO GLOBAL STANDARDS AND BEST PRACTICES
Our e-signature solutions are fully compliant with the EU's eIDAS regulation, ensuring legal validity for digital transactions across European member states. In the United States, Agreemind complies with the Electronic Signatures in Global and National Commerce Act (ESIGN) and the Uniform Electronic Transactions Act (UETA), ensuring that our e-signatures are legally recognized across all states.
Agreemind rigorously adheres to the General Data Protection Regulation, ensuring the utmost care in personal data processing, providing transparency, and upholding individuals' privacy rights within the EU. In compliance with GDPR, databases, storage, and auxiliary services are hosted in Sweden, EU.
We align our operations with US-specific data protection and privacy laws, ensuring compliance with both federal and state-level regulations. We also adhere to the Turkish data protection law, KVKK, ensuring that the personal data of Turkish citizens is managed and protected in accordance with the regulation.
AGREEMIND'S COMPLIANCE HIGHLIGHTS
OUR COMMITMENT TO DATA SECURITY AND PRIVACY
We prioritize the security and privacy of your data. Our commitment to compliance is woven into the fabric of our operations, ensuring that we meet and exceed global standards. Our approach is comprehensive, encompassing advanced technologies, rigorous policies, and a shared responsibility model.
We maintain a thorough Business Continuity and Disaster Recovery Policy, which is reviewed annually and updated in response to significant changes. This approach ensures that our operational resilience is always aligned with the latest best practices and technological advancements.
We integrate the highest compliance standards into our operations to ensure the security and privacy of our customers' data. Our approach to compliance spans various global regulations and industry-specific requirements.