Have questions about our Information Security Program? While all the information can be found within these pages, we’ve highlighted the most frequently asked questions. We’ll also draw your attention to our Cloud Security Alliance STAR questionnaires for Resolver Core and Perspective. These documents contain the answers to 300 commonly asked InfoSec questions and should address any questions about our program.
Yes. At least annually, or for product releases which introduce major architecture changes, manual penetration testing is performed by external certified experts. Additionally, monthly application, network and OS-level vulnerability scans are automatically performed on all versions on staging environments, and on production and pre-production versions of the software. All issues are addressed before production deployment or, as defined per internal risk assessment, within Resolver’s mitigation time frame.
Yes. On a monthly basis, we perform automated vulnerability tests on various aspects of the Resolver Core environments, utilizing a cloud-based vulnerability management platform comprised of
In addition, at least annually, or for product releases which introduce major architecture changes, external third-party penetration testing is performed before public release.
All findings are reviewed and addressed by Resolver’s Security, Dev, DevOps, and management teams before production release or, as defined per internal risk assessment, within Resolver’s required mitigation time frame.
Penetration test executive summaries and Resolver responses to findings are made available to customers under NDA, upon written request.
Yes.
Yes. Customer data is logically segmented into unique customer tables; however, our approach to database encryption is holistic and comprehensive (AES 256).
Yes. Resolver leverages the managed RDS PostgreSQL AWS service. Backups are performed daily and provide the ability to roll back to any point in time within the last 30 days.
Yes. This capability is defined by AWS Regions and is available upon customer request and under specific agreement terms.
Yes. All production environments utilize multiple AWS Availability Zones (AZ) within an AWS Region to provide geographic resiliency. An AZ is a logical data center in an AWS Region. Each AZ has redundant and separate power, networking and connectivity to reduce the likelihood of two zones failing simultaneously. For reference, see the Resolver Core Deployment Diagram.
Yes. Reference is available here.
Yes, by utilizing the AES 256 symmetric encryption algorithm.
Yes. Please refer to our SOC 2 report, available under NDA.
Yes. As part of the onboarding process, all employees are required to complete security awareness training. In addition, all developers are required to complete annual Secure Coding Awareness Training. Please refer to our SOC 2 report, an independent third-party assessment of Resolver’s internal processes/programs, available under NDA and upon request.
Yes. Resolver utilizes Active Directory and AWS IAM Policy for centralized access and identity management.
Yes. Resolver Core supports SAML 2.0 based Web SSO integration for authentication.
Yes. A full list of APIs is available in the application to administrators.