Regulators trust Thentia Cloud to manage their security processes and ensure their data is protected

All client data is safely and securely stored in Google’s Cloud Platform, which is fully compliant with ISO/IEC 27001/27017/27018/27701, SOC 1/2/3, PCI DSS, and FedRAMP certifications. Our regional approach ensures that Canadian data stays in Canada, while U.S. data stays in the U.S.

Google data centers feature layered security with industry-leading mechanisms, including custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, biometrics, and laser beam intrusion detection. Data centers are monitored 24/7 by high-resolution cameras that can detect and track intruders. Only approved employees with specific roles may enter.

Downtime can be costly and impede regulators’ ability to do their important work. This is why Thentia Cloud makes it a top priority to consistently maintain or exceed a 99.8% uptime, ensuring that clients have constant access to the platform. In the event of a temporary interruption or scheduled maintenance, Thentia Cloud users can visit our Systems Status webpage where details about all major incidents, scheduled maintenance, service events, and more, will be posted. Customers can also subscribe to our Thentia Status page to receive email notifications for maintenance scheduled and other service events.

Thentia Cloud provides full hourly data backups in case data needs to be restored — an especially important feature during high transaction cycles, such as renewal periods. Continuous data backup gives clients peace of mind that their data is retrievable if they, or we, are ever attacked with ransomware or malware. Backup data is securely stored in Google’s Cloud Platform.  

Our industry-standard network protection procedures allow us to prevent, detect, and quickly respond to any malicious traffic and network attacks. With our layered approach to security, we employ multiple levels of strong IT defenses that together address potential weaknesses or vulnerabilities of the individual components. Our procedures include network segregation using VLAN’s, web application firewall (WAF) technology, intrusion detection and prevention systems, centralized log aggregation, and alert mechanisms. These procedures are used in conjunction with secure connectivity, including secure channels and multi-factor access for authorized systems operations group personnel. 

Thentia conducts continuous internal network security audits and scanning to allow us to quickly identify any issues. All operating systems, software, frameworks, and libraries used in Thentia’s infrastructure are updated to the latest versions on a regular basis in accordance with our in-house patch management policy. Whenever a vulnerability is identified, prompt actions are taken to mitigate any potential risks for our clients, which includes applying hotfixes and patches quickly when available and/or implement pro-active mechanisms like configuration of firewalls or IDS/IPS. Thentia’s intrusion detection systems can take actions when malicious activity or abnormal traffic is detected, including blocking traffic sent from suspicious IP addresses. 

A robust Application Security process is fully integrated into Thentia’s Software Development Lifecycle (SDLC), including: 

• In-house security requirements, policies, and industry security best practices applied in every stage of the lifecycle. 
• Continuous security review of architectures and features. 
• Iterative manual and automated source code review (using static code analyzers) for security weaknesses, vulnerabilities, and code quality, plus development team advisory and guidance. 
• Per release dynamic scanning of pre-production environment. 
• Security training provided for IT and development teams. 

Thentia’s industry-leading Vulnerability Management Program utilizes layers of people, processes, and technology to identify and monitor for vulnerabilities in our applications and infrastructure, including: 

• Static Application Security Testing (SAST): Run during development and continuously monitored to detect OSS package issues. 
• Dynamic Application Security Testing (DAST): Run during QA stage of the SDLC 
• Vulnerability and Configuration Monitoring: Run during server deploy and weekly to assure auto-patching technologies are delivering on their Service Level Agreements (SLA) (weekly patching of at least Critical/High). 

Vulnerabilities detected during SDLC are remediated before go-live. Vulnerabilities identified in production are tracked by our InfoSec team to assure timely closure. 

Each Thentia Cloud user has a unique, password-protected account with a verified email address. The password must meet strong password policies and is stored securely using a strong hashing algorithm with a unique salt for every password. Two-Factor Authentication is available as an additional security measure to protect customer and licensee/user accounts. Thentia Cloud utilizes automatic session timeouts, an important security control for any application. Users are required to re-authenticate after a specified length of time to prevent unauthorized access. Thentia Cloud also supports multiple methods of federated authentication, including Google Open ID, Azure, Office 365, ADFS and SAML2 to conveniently and securely gain access to a Thentia Cloud account leveraging corporate credentials.

Thentia Cloud account administrators can easily manage and control any individual user’s permissions based on their role and responsibilities. Limiting access to administrator functions is crucial for preventing damage from intruders.

Thentia Cloud clients can access logs of both internal and external user activities.

All client data is encrypted automatically by Google, which uses multiple layers of encryption to protect data. Google Cloud uses a FIPS 140-2 validated encryption module (certificate 3318) in its production environment, and all data stored in Google Cloud is encrypted at the storage level using AES256. Data for storage is split into chunks, and each chunk is encrypted with a unique data encryption key. These data encryption keys (DEKs) are stored with the data, encrypted with (“wrapped” by) key encryption keys (KEKs) that are exclusively stored and used inside Google’s central Key Management Service, which is redundant and globally distributed.

With best-in-class practices for managing security and data protection risk, a strong approach to security is embedded in everything we do. Our InfoSec team has years of experience in financial, retail, manufacturing, and consulting environments ranging in size from startup to enterprise and is constantly improving our security processes over time.

Access to client data is limited to Thentia employees with a job-related need, and all these staff members are required to sign a confidentiality agreement. Accessing client data is only done when necessary, and only when approved by the client (such as during a request for support), or under authorization from senior management and security for the purposes of providing support, maintenance, or improving service quality.

We take the protection of users’ Personal Identifiable Information seriously. Consult Thentia’s Privacy Policy for full details on how we use and protect personal data collected in Thentia Cloud.  

Thentia is ISO 27001 certified and only uses ISO 27001 vendors when storing, processing, or transmitting customer data.

Thentia is SOC2 compliant and only uses SOC 2 compliant vendors when storing, processing, or transmitting customer data.

Safeguarding cardholder data is Thentia’s top most priority. Thentia is PCI-DSS compliant and adheres to the industry’s highest level of standards to ensure sensitive information is protected at all times.