fbpx

Security

Protecting your information and the information of your customers is extremely important to us.

Thnks and ISO/IEC 2700

The international acceptance and applicability of ISO/IEC 27001 is the key reason why certification to this standard is at the forefront of Thnks approach to implementing and managing information security. Thnks achievement of ISO/IEC 27001 certification points up its commitment to making good on customer promises from a business, security compliance standpoint.

Learn about the benefits of ISO-Iec-27001 on Thnks Platform:
Download the ISO/IEC 27001:2013 information security management standards

Resilience & Availability

Will Thnks software be available?

Yes! Thnks availability is consistently above 99.99%. Customer data is 100% backed up to multiple online replicas with additional snapshots and other backups.

Does Thnks monitor its systems and software?

Yes! Our operations teams monitor software and application behavior 24x7x365 using proprietary and industry-recognized solutions.

Does the Thnks software contain system redundancy?

Yes! Databases, application servers, web servers, jobs servers, and load balancers as well as backend support services all have multiple failover instances to prevent outage from single points of failure.

Does Thnks encrypt data in transit?

Yes! Sessions between you and your portal are always protected with top end in-transit encryption, advanced TLS (1.0, 1.1, and 1.2) protocols, and 2,048-bit keys.

Is my website or data protected by a Web Application Firewall and network firewall?

Yes! Thnks prevents attacks with sophisticated monitoring and protections including a high-grade web application firewall and tightly controlled network-level firewalling. In addition,

Does Thnks incorporate security into its software development lifecycle (SDLC)?

Yes! Thnks code is high quality from conception to deploy. We use automated static code analysis alongside human review to ensure development best practices are implemented across our thousands of daily code pushes. Responsive software development means new features, resiliency improvements, and bug fixes arrive hundreds of times a day, seamlessly.

Datacenter Protections

Are physical security protections in place to protect my data?

Yes! Thnks products are hosted with the world’s leading data center providers. Access to these data centers is strictly controlled and monitored by security staff, tight access control, and video surveillance. Our data center partners are SOC 2 Type II and ISO 27001 certified and provide N+1 redundancy to all power, network, and HVAC services.

Software Security

Can the Thnks software respond quickly to new security needs or threats?

Yes! Between our streamlined, rapid approach to application delivery and our highly automated server infrastructure, Thnks quickly addresses security issues as they arise. These technology and process structures allow HubSpot to rapidly adapt as new threats are identified.

Does the Thnks infrastructure detect and prevent attacks?

Yes! Thnks uses enterprise-grade firewalling, routing, intrusion prevention, and behavior analytics capabilities to protect infrastructure and thwart attacks.

Does Thnks rapidly patch and update when vulnerabilities are identified?

Yes! Thnks patch management process pushes security updates fast and consistently. In most situations, patching is handled by deploying new server instances with the most up to date patches and de-provisioning out of date servers.

Does Thnks have an incident response program?

Yes! Thnks incident response program is responsive and repeatable. Incident process flows and investigation data sources are pre-defined during recurring preparation activities and exercises and are refined through investigation follow-ups. We use standard incident response process structures to ensure that the right steps are taken at the right time.

Audits, Vulnerability Assessment & Penetration Testing

Does Thnks have a repeatable process for discovering and quickly correcting security bugs?

Yes! We test for potential vulnerabilities continuously in all layers of the technology stack. Dynamic application scans, static code analysis, and infrastructure vulnerability scans are run every day, all day. Our Security team tests our products day-in and day-out to detect and quickly respond to flaws.

Does Thnks bring in outside third parties to find security issues?

Yes! We bring in industry-respected 3rd party penetration testing firms several times a year to test the Thnks products and data infrastructure. We also have rigorous internal and external audit processes to ensure that processes are implemented and working as intended.

What external audits or assessment results are available to review?

Thnks has certifications with the following: 1SO 27001 2013, ANAB Accreditation Rule 2, and IAF – Member of Multilateral Recognition Arrangement.

 

If you would like to request the complete ISO 27001: 2013 report please reach out to security@thnks.com and someone will get in touch with you.