Security Policy
At Maintein we know that our customers rely on us as a critical part of their business processes and record-keeping. Security is an integral component of providing an accessible and reliable maintenance platform and we treat the security of our infrastructure as a priority item. The reliability of the Maintein Platform is measured by two components: (1) Security measures which consist of preventive measures to protect against intrusion and unauthorized access to data and (2) Recovery measures which consist of both preventive and recovery systems to ensure the continuity of service in the event of a disaster.
SECURITY
SSL
- All information travelling between your browser and the Maintein platform servers is protected from eavesdroppers with 256-bit SSL encryption. The lock icon in your browser lets you verify that you aren’t talking to a phishing site impersonating Maintein and that your data is secure in transit against unauthorized eavesdropping.
Firewalls
- Maintein Platform’s VPC is fully integrated with Azure AWS cloud, backed by AWS standard Security Group firewalls.
- Maintein Platform VPC terminates HTTPS access on internet facing load balancers. Application and database servers are not accessible via DMZ.Intrusion detection
All traffic entering and leaving the Maintein Platform network is monitored by Azure Security, as a standard service provided by Azure AWS. - Maintein employs a second line monitoring to scan additional information on the usage of each CMMS account, and block unauthorized access to the Maintein platform on a per session level.
Encryption
- Particularly sensitive information – credit card numbers, bank account information, and your payment gateway account details – are encrypted and handled by our payment gateway providers, Stripe, which are industry leaders in keeping financial information secure and are certified PCI DSS for storage of sensitive data at rest.
Physical security
- The Maintein VPC service centres located in state-of-the-art data centers within Azzure in multiple locations United Kingdom, the USA and elsewhere. Each center is professionally managed by our primary provider, Azure and their certified affiliates providing biometric access controls, constant surveillance, redundant power feeds and generators, robust fire suppression, and carefully monitored climate control to protect the servers that store your data, community accounts, and manage your Maintein CMMS.
RELIABILITY AND RECOVERY
Redundant servers and datacenters
- The Maintein infrastructure uses redundant storage and servers that are professionally managed by Azure to keep the Maintein Platform and your data available in the case of hardware failure. Additionally, the Maintein Platform implements hot fail-over architecture distributed across multiple Availability Zones comprising up-to-date application servers and storage in a geographically separate data centers in case their primary data center is made unavailable by a disaster or other disruption.
Managed hosting
- Maintein has chosen Azure for our hosting needs. Azure is an industry leader with many blue-chip and Fortune 1000 companies as clients. Maintein carefully and confidently chose Azure to provide the world-class performance and service demanded by our worldwide customers to safely and securely run their mission-critical Maintein asset management systems.
Backups for SaaS
- The data in your Maintein system and account is replicated across multiple database servers in multiple geographic locations to prevent a single failure from causing data loss. Additionally, data is backed up nightly and stored in a secure offsite region to ensure that, even in the event of a catastrophe like a fire, earthquake, tornado or flood, your information will be safe and your records can be quickly restored.
- If you have any security concerns or questions on how Maintein implements security and disaster recovery strategies please contact our Maintein Security and Trust team.
SECURITY INCIDENT MANAGEMENT
- Our Security, Operational (SOC2) and Architectural documentation can be requested with an executed NDA.
- Maintein conducts at least annual penetration testing with third-party security providers as part of SOC2 certification. Critical and High vulnerabilities detected are remediated within 1 month of risk assessment validation.
- Detected and reported Security incidents will be initiated by our team and analysed to understand the impact by the Maintein Security and Trust team.
- Significantly impacting incidents will be communicated to impacted Customers within two business days following verification.
- Customers will be notified using the primary billing contact information.
Customers are required to:
- Ensure secure password policy and access management, not limited to:
- Strong and secured customer-managed credentials
- Unique customer login credentials
- Appropriately managed and stored secrets and access keys
- Manage security and vulnerability risks associated with customer-managed hardware, software, networks and files
Updates:
As our business evolves, we may update our Security Policy. Customers can review the agreement anytime on this page.