Protecting Customers' Data is Our #1 Priority

Spanning Backup employs multiple layers of operation and physical security to ensure the integrity and safety of your data, including:

SOC 2 Compliance

Spanning is SOC 2 Type II certified, a rigorous evaluation of repeatable internal operational and technical controls, information technology processes, and trust services principles.

Application-Level Authentication

Spanning accesses SaaS systems using the OAuth 2.0 protocol rather than less secure service accounts and passwords. 

Strong Encryption

Spanning Backup protects data at rest with 256-bit AES object-level encryption (one of the strongest block ciphers available) with unique, randomly generated encryption keys for every single object and a rotating master key protecting the unique keys.  All data in transit is also protected with Transport Layer Security (TLS) encryption.

Intrusion Detection

Our systems constantly guard against intrusion with log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting, and active response.

Compartmentalized Access

Access to production servers is granted only to named Spanning employees who have specific operational requirements. Changes to the production environment access control list are tracked and auditable.

HIPAA Compliance 

Spanning’s service is hosted on HIPAA-compliant datacenters. If you are interested in learning more, or require a Business Associate Agreement (BAA), please contact us at [email protected].

Cloud Security Alliance Member

Spanning is a member of the Cloud Security Alliance (CSA), a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing.

Skyhigh Enterprise-Ready

Spanning Backup has been awarded the Skyhigh CloudTrust™ rating of enterprise-ready. Skyhigh Enterprise-Ready cloud services fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.

Third-Party Certifications and Audits

Spanning Backup operates within the Amazon Web Services cloud, which is ISO 27001 certified, has completed multiple SAS-70 Type II audits, and publishes a SOC 2 report under both the SSAE 18 and the ISAE 3402 professional standards.

Confidential Security & Compliance Communications

Spanning is committed to the reporting of security and compliance issues.  Further, in order to obtain objective feedback on potential issues, Spanning maintains a direct line of communication to the Principal Security Manager (and Security Team) here. This serves as a mechanism to enable anonymous or confidential communication for critical/sensitive security vulnerability issues when normal channels are inoperative or ineffective.

Privacy & Security Certifications

Spanning Backup has also earned BBB EU PRIVACY SHIELD (covered under Kaseya US LLC), operated by the Council of Better Business Bureaus Privacy Certification and is certified under the US-EU and Swiss-US Privacy Shield.

Spanning is compliant with the Regulation (EU) 2016/679 (General Data Protection Regulation). For more information about our compliance, please see our GDPR page here. For our Data Protection Addendum please reach out to your sales representative.