Protecting Customers' Data is Our #1 Priority
Spanning Backup employs multiple layers of operational and physical security to ensure the integrity and safety of your data, including:
SOC 2 Compliance
Spanning is SOC 2 Type II certified. SOC 2 Type II is a rigorous evaluation of repeatable internal operational and technical controls, information technology processes, and trust services principles.
Spanning accesses SaaS systems using the OAuth 2.0 protocol rather than less secure service accounts and passwords.
Spanning Backup protects data at rest with 256-bit AES object-level encryption (one of the strongest block ciphers available) with unique, randomly generated encryption keys for every single object and a rotating master key protecting the unique keys. All data in transit is also protected with Transport Layer Security (TLS) encryption.
Our systems constantly guard against intrusion with log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting, and active response.
Access to production servers is granted only to named Spanning employees who have specific operational requirements. Changes to the production environment access control list are tracked and auditable.
Spanning’s service is HIPAA-compliant. If you are interested in learning more, please contact us at firstname.lastname@example.org.
Cloud Security Alliance Member
Spanning is a member of the Cloud Security Alliance (CSA), a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing.
Spanning Backup has been awarded the Skyhigh CloudTrust™ rating of enterprise-ready. Skyhigh Enterprise-Ready cloud services fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.
Third-Party Certifications and Audits
Spanning Backup operates within the Amazon Web Services cloud, which is ISO 27001 certified, has completed multiple SAS-70 Type II audits, and publishes a SOC 2 report under both the SSAE 18 and the ISAE 3402 professional standards.
Confidential Security & Compliance Communications
Spanning is committed to the reporting of security and compliance issues. Further, in order to obtain objective feedback on potential issues, Spanning maintains a direct line of communication to the Principal Security Manager (and Security Team) here. This serves as a mechanism to enable anonymous or confidential communication for critical/sensitive security vulnerability issues when normal channels are inoperative or ineffective.
Privacy & Security Certifications
Spanning Backup has also earned BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus Privacy Certification, and is certified under the US-EU and Swiss-US Privacy Shield.
Spanning is compliant with Regulation (EU) 2016/679 (General Data Protection Regulation). For more information about our compliance, please see our GDPR page here. Also, customers can download our pre-signed Data Protection Addendum + Model Contract Clauses. Once countersigned, return a copy to email@example.com.