ABBYY Timeline Data Security
ABBYY Timeline is a SaaS Web application offered by ABBYY. The application is hosted on virtual servers managed by Amazon Web Services. This environment complies with a wide array of security features and certifications which can be found here: https://aws.amazon.com/security/
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
Amazon Web Services provides the proper server administration, applies the necessary patches and updates, manages firewalls and other system software such as intrusion detection and virus protection.
Specific to data security features implemented within the ABBYY Timeline application architecture, ABBYY Timeline has been designed to provide additional security protections as follows:
- Customer data is encrypted at all time: during the transmission and at rest.
- Data is transmitted over SSL (HTTPS) connections.
- Data in storage is encrypted with FIPS-compliant AES encryption https://en.wikipedia.org/wiki/Advanced_Encryption_Standard.
- All source (raw) data to be loaded to the cloud is first parsed on the client, inside the corporate firewall, so the user can explicitly control which data elements (fields) are actually loaded into the ABBYY Timeline analysis software versus having to load the entire raw file to the server.
- Users are encouraged to avoid loading data which is classed as Personally Identifiable Information (PII), Protected Health Information (PHI) or Payment Card Information (PCI) in its raw form.
- Parsed records from source data are saved into the Postgres Relational Service administered by AWS which ensures proper compliance with policies and updates https://aws.amazon.com/rds/postgresql/
- Users do not have direct access to the database. Only the application services from the cloud may access it.
- Continuous data backup and reserve copying is performed by AWS as a core service ensuring data never leaves the control of the AWS environment.
- Any access to the project data requires user authentication.
- Application supports login/password and two-factor authentication.
- Strong password policy is always enforced.
- User account is locked after three consecutive failed login attempts.
- Project access could be restricted to the user from the corporate domain.
- Application supports role-base authorization with different levels of access doe each role.
- Project owner defines the authentication requirements for a given project.
- Project owner explicitly grants permissions for the users to access the projects and defines the roles for each user.
- All sessions have expiration timeout.
- All user actions are permanently logged into the administrative database.