Spanning Backup employs multiple layers of operation and physical security to ensure the integrity and
safety of your data, including:
SOC 2 Compliance
Spanning is SOC 2 Type II certified, a rigorous evaluation of repeatable internal operational and
technical controls, information technology processes, and trust services principles.
Application-Level Authentication
Spanning accesses SaaS systems using the OAuth 2.0 protocol rather than less secure service accounts
and passwords.
Strong Encryption
Spanning Backup protects data at rest with 256-bit AES object-level encryption (one of the strongest
block ciphers available) with unique, randomly generated encryption keys for every single object and
a rotating master key protecting the unique keys. All data in transit is also protected with
Transport Layer Security (TLS) encryption.
Intrusion Detection
Our systems constantly guard against intrusion with log analysis, file integrity checking, policy
monitoring, rootkit detection, real-time alerting, and active response.
Compartmentalized Access
Access to production servers is granted only to named Spanning employees who have specific
operational requirements. Changes to the production environment access control list are tracked and
auditable.
HIPAA Compliance
Spanning’s service is hosted on HIPAA-compliant datacenters. If you are interested in learning more, or require a Business Associate Agreement (BAA), please contact us at sales@spanning.com.
Cloud Security Alliance Member
Spanning is a member of the Cloud Security Alliance (CSA), a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing.
Skyhigh Enterprise-Ready
Spanning Backup has been awarded the Skyhigh CloudTrust™ rating of enterprise-ready. Skyhigh Enterprise-Ready cloud services fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.
Third-Party Certifications and Audits
Spanning Backup operates within the Amazon Web Services cloud, which is ISO 27001 certified, has completed multiple SAS-70 Type II audits, and publishes a SOC 2 report under both the SSAE 18 and the ISAE 3402 professional standards.
Confidential Security & Compliance Communications
Spanning is committed to the reporting of security and compliance issues. Further, in order to obtain objective feedback on potential issues, Spanning maintains a direct line of communication to the Principal Security Manager (and Security Team) here. This serves as a mechanism to enable anonymous or confidential communication for critical/sensitive security vulnerability issues when normal channels are inoperative or ineffective.
Privacy & Security Certifications
Spanning Backup has also earned BBB EU PRIVACY SHIELD (covered under Kaseya US LLC), operated by the Council of Better Business Bureaus Privacy Certification and is certified under the US-EU and Swiss-US Privacy Shield.
Spanning is compliant with the Regulation (EU) 2016/679 (General Data Protection Regulation). For more information about our compliance, please see our GDPR page here. For our Data Protection Addendum please reach out to your sales representative.