Last updated on June 2024

Uncountable Security

Securing our customers' data is the paramount commitment at Uncountable, ensuring its integrity and confidentiality for authorized users.

Standards:

  • SOC-2 Type II Certification: Subject to rigorous annual external audits for continuous adherence to industry-leading security practices.
  • ISO27001 Compliance: Strict adherence to international standards, providing a robust framework for information security.
  • HIPAA and GxP Compliance: Committed to meeting the stringent requirements for healthcare and pharmaceutical data protection.
  • Privacy Shield Membership: Demonstrated commitment to data protection while participating in the Privacy Shield program.

Data Protection:

  • Confidentiality: Treating customer data as confidential and proprietary, enforcing access controls through role-based mechanisms.
  • Encryption Protocols: Employing AES-256 encryption for data at rest and TLS for in-transit data.
  • Data Segregation: Rigorous schema-level isolation and regular penetration testing to ensure customer data segregation.
  • Data Classification: Classifying data based on confidentiality, proprietary, or other standards enforced with differentiated user access

Web Application Security:

  • Server Audits: Regular audits of web servers to uphold the highest standards of security., including: Content Security Policy, XSS-Protection, HTTP Strict Transport Security, X-Content-Type-Options, and X-Frame-Options.
  • Email Security: Leveraging the AWS secured email service and implementing Sender Policy Framework (SPF) for domain security.
  • File Security Controls: Robust file-sharing mechanisms with per-user controls, malware scanning, and unrestricted file size handling.
  • Application Integrity: Ensuring the Uncountable application cannot be embedded or proxied through external clients.
  • Browser Supports: Supporting all modern browsers and operating systems as well as mobile browsers for iOS and Android.

Authentication:

  • SSO with SAML: Encouraging the use of Single Sign-On (SSO) through Security Assertion Markup Language (SAML) for enhanced account security.
  • Password Security Measures: Enforcing default password strength requirements with optional multi-factor authentication.
  • IP-Whitelisting: Supporting IP-whitelisting to restrict account access to specific, authorized IP addresses.

Deployment:

  • AWS Deployment: Leveraging Amazon Web Services (AWS) infrastructure for deployment, providing a robust and scalable foundation.
  • Global Deployment Options: Uncountable has deployments in the U.S., EU and Japan to accommodate customer preferences.
  • VPC Deployment Option: Optionally deploying Uncountable within a Customer's Virtual Private Cloud (VPC), allowing customers to manage encryption keys.

Auditability:

  • Audit Logs: Maintaining comprehensive admin audit logs to track all system actions.
  • Entity-Specific Logs: Empowering individual users to access audit logs for entities under their management.

Disaster Recovery:

  • Continuity Planning: Implementing a comprehensive disaster recovery and business continuity plan, shared transparently with our valued customers.
  • Public Application Status: Providing a publicly accessible link for customers to check the real-time status of the application.

Updates and Backups:

  • Changelog Publication: Regularly updating the changelog, published on our dedicated support site.
  • Data Backup Practices: Consistent and frequent data backups, including daily database snapshots stored redundantly in multiple cloud regions.

Legal and IP:

  • Customer Data Ownership: Affirming customer ownership of data and content.  Data uploaded to and content in reports exported from the application is owned by our customers.
  • Full Data Exports: Facilitating customer requests for full data exports at any time.
  • GDPR Compliance: Conforming to the General Data Protection Regulation (GDPR) standards for the protection of personal data.

Security Accountability:

  • Third-Party Penetration Tests: Subjecting Uncountable to yearly third-party penetration tests, covering OWASP Top 10 vulnerabilities and more.
  • Network Vulnerability Scans: Conducting regular network vulnerability scans to identify and mitigate potential security risks.

See how Uncountable can Transform the way you do research and development

Uncountable Innovation R&D Rings Image