SECURITY OVERVIEW

Regulators trust Thentia Cloud to manage their security processes and ensure their data is protected

Physical Security
Secure Data Storage in AWS

All client data is securely stored within Amazon Web Services (AWS), a leading cloud infrastructure provider that maintains compliance with globally recognized security standards including ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, ISO/IEC 27701, SOC 1, SOC 2, SOC 3, PCI DSS, and FedRAMP.

Our infrastructure follows a regional data residency model, ensuring that Canadian customer data is hosted within Canadian AWS regions, while U.S. customer data remains within U.S. regions, supporting regulatory and jurisdictional requirements.

AWS data centers are protected by multiple layers of physical and environmental security controls, including electronic access systems, alarms, vehicle access barriers, perimeter fencing, metal detectors, biometric identification, and advanced intrusion detection systems. Facilities are monitored 24/7 using high-resolution surveillance systems, and access is strictly limited to authorized personnel with a verified business need.

Uptime Over 99.8%

Downtime can be costly and impede regulators’ ability to do their important work. This is why Thentia Cloud makes it a top priority to consistently maintain or exceed 99.8% uptime, ensuring that clients have constant access to the platform. In the event of a temporary interruption or scheduled maintenance, Thentia Cloud users can visit our Systems Status webpage, where details about all major incidents, scheduled maintenance, service events, and more will be posted. Customers can also subscribe to our Thentia Status page to receive email notifications for scheduled maintenance and other service events.

Continuous Data Backup

Thentia Cloud provides hourly data backups to support rapid recovery if data restoration is required, an especially important capability during high-transaction periods such as renewal cycles. Continuous backup processes ensure that client data remains recoverable in the event of incidents such as ransomware or malware attacks.

All backup data is securely stored within Amazon Web Services (AWS) infrastructure, leveraging the platform’s highly resilient and secure storage services to ensure durability, availability, and protection of customer data.

Network & Systems Security
Robust Network Security Infrastructure

Our industry-standard network protection procedures allow us to prevent, detect, and quickly respond to any malicious traffic and network attacks. With our layered approach to security, we employ multiple levels of strong IT defenses that together address potential weaknesses or vulnerabilities of the individual components. Our procedures include network segregation using VLANs, web application firewall (WAF) technology, intrusion detection and prevention systems, centralized log aggregation, and alert mechanisms. These procedures are used in conjunction with secure connectivity, including secure channels and multi-factor access for authorized systems operations group personnel.

Regular Updates and Patch Management

Thentia conducts continuous internal network security audits and scanning to allow us to quickly identify any issues. All operating systems, software, frameworks, and libraries used in Thentia’s infrastructure are updated to the latest versions on a regular basis in accordance with our in-house patch management policy. Whenever a vulnerability is identified, prompt action is taken to mitigate potential risks for our clients, including applying hotfixes and patches quickly when available and/or implementing proactive mechanisms such as firewall or IDS/IPS configuration. Thentia’s intrusion detection systems can take action when malicious activity or abnormal traffic is detected, including blocking traffic sent from suspicious IP addresses.

Application Security
Application Security Process

A robust Application Security process is fully integrated into Thentia’s Software Development Lifecycle (SDLC), including: 

  • In-house security requirements, policies, and industry security best practices applied in every stage of the lifecycle. 
  • Continuous security review of architectures and features. 
  • Iterative manual and automated source code review (using static code analyzers) for security weaknesses, vulnerabilities, and code quality, plus development team advisory and guidance. 
  • Per-release dynamic scanning of the pre-production environment.
  • Security training provided for IT and development teams.

Vulnerability Management and Ethical Hacking

Thentia’s industry-leading Vulnerability Management Program utilizes layers of people, processes, and technology to identify and monitor for vulnerabilities in our applications and infrastructure, including: 

  • Static Application Security Testing (SAST): Run during development and continuously monitored to detect OSS package issues. 
  • Dynamic Application Security Testing (DAST): Run during the QA stage of the SDLC.
  • Vulnerability and Configuration Monitoring: Run during server deployment and weekly to ensure auto-patching technologies are delivering on their Service Level Agreements (SLA) (weekly patching of at least Critical/High).

Vulnerabilities detected during SDLC are remediated before go-live. Vulnerabilities identified in production are tracked by our InfoSec team to assure timely closure. 

User Authentication

Each Thentia Cloud user has a unique, password-protected account with a verified email address. The password must meet strong password policies and is stored securely using a strong hashing algorithm with a unique salt for every password. Two-Factor Authentication is available as an additional security measure to protect customer and licensee/user accounts. Thentia Cloud utilizes automatic session timeouts, an important security control for any application. Users are required to re-authenticate after a specified length of time to prevent unauthorized access. Thentia Cloud also supports multiple methods of federated authentication, including Google OpenID, Azure, Office 365, ADFS and SAML2, so that users can conveniently and securely access a Thentia Cloud account using corporate credentials.

Data Sharing and Role-Based Access Control

Thentia Cloud account administrators can easily manage and control any individual user’s permissions based on their role and responsibilities. Limiting access to administrator functions is crucial for preventing damage from intruders.

Monitoring User Activities

Thentia Cloud clients can access logs of both internal and external user activities.

Data Encryption

All client data stored within Thentia Cloud is protected using encryption technologies provided by Amazon Web Services (AWS). Data stored in Amazon S3 is encrypted at rest using AES-256 server-side encryption, and all data transmitted to and from the platform is protected using TLS encryption.

AWS encryption services use FIPS 140-2 validated cryptographic modules, helping ensure strong protection of sensitive information. Encryption keys are securely managed within AWS’s highly resilient key management infrastructure.

People
Processes

With best-in-class practices for managing security and data protection risk, a strong approach to security is embedded in everything we do. Our InfoSec team has years of experience in financial, retail, manufacturing, and consulting environments ranging in size from startup to enterprise and is constantly improving our security processes over time.

Need-to-Know and Least Privilege

Access to client data is limited to Thentia employees with a job-related need, and all of these staff members are required to sign a confidentiality agreement. Client data is accessed only when necessary, and only when approved by the client (such as during a request for support), or under authorization from senior management and security for the purposes of providing support, maintenance, or improving service quality.

Privacy

We take the protection of users’ Personally Identifiable Information seriously. Consult Thentia’s Privacy Policy for full details on how we use and protect personal data collected in Thentia Cloud.

Compliance
ISO 27001 Compliance

Thentia Cloud operates under a comprehensive security and compliance program designed for government and regulated organizations. The platform is ISO/IEC 27001 certified, SOC 2 audited, and PCI DSS compliant, reflecting our adherence to internationally recognized standards for information security, data protection, and operational controls.

These certifications and attestations are independently validated and demonstrate our commitment to maintaining the confidentiality, integrity, and availability of customer data.

SOC 2 Compliance

Thentia is SOC 2 compliant and only uses SOC 2 compliant vendors when storing, processing, or transmitting customer data.

PCI-DSS Compliance

Safeguarding cardholder data is Thentia’s topmost priority. Thentia is PCI-DSS compliant and adheres to the industry’s highest level of standards to ensure sensitive information is protected at all times.


WHAT OUR CLIENTS ARE SAYING

“We learned very quickly that Thentia was serious about regulatory licensing. We felt confident that with their support and modern, state-of-the-art solution, they could move us into the future where we needed to be.”

LESLIE HANSKA, EXECUTIVE DIRECTOR

Oklahoma Board of Architects, Landscape Architects and Registered Commercial Interior Designers (OBA)
