Security Standards

Infrastructure

EventsCase is hosted on Amazon Web Services Ireland (AWS) infrastructure. The AWS Cloud infrastructure is built around Regions and Availability Zones (AZs). AWS Regions provide multiple, physically separated and isolated Availability Zones which are connected with low latency, high throughput, and highly redundant networking. EventsCase servers are located in the Ireland Region.

AWS maintains multiple certifications including ISO 27001 Security Management Controls, ISO 27018 Personal Data Protection and PCI DSS Level 1. See full list here: https://aws.amazon.com/compliance/

Depending on the package purchased, it is possible to have a dedicated server or customised server architecture (not shared with other clients).

Encryption

EventsCase uses encrypted Amazon RDS instances, which encrypt data at rest with the industry-standard AES-256 algorithm. The infrastructure is also only accessible from a certain list of private IPs. All activity is logged and audited by Amazon, and EventsCase keeps records of any change in the infrastructure.

All transactions are made under secure protocols; credit card data is not stored on any device.

Monitoring

We have 24/7 staff to monitor and maintain the servers. Together with external consultants, the security and correct operation of the server infrastructure are audited, and the relevant security updates and performance improvements are made (720tec).

The infrastructure is monitored using specialized tools in combination with software for analysis and data visualization. These systems are able to detect possible issues in advance and keep the EventsCase team automatically informed of any unusual activity.

Security Audits

EventsCase has a specialized team dedicated to ensuring and maintaining the security of its systems; this team carries out periodic security checks. Some EventsCase clients may also carry out their own periodic penetration audits of their systems. Clients who want to carry out their own security audits should contact EventsCase for more information (only available for clients with separate infrastructures).

Confidentiality

According to the EventsCase Terms and Conditions, any input material or other confidential information provided by the client shall be kept confidential by EventsCase and not be used for any other purpose outside the defined service agreement.

Depending on the chosen system configuration, some data entered by clients may become public information, such as website information published on the public domain.

Technological Environment

EventsCase is an online platform based on current technologies that is accessible from any browser. As a cloud software, it does not require installation on client computers. The system is compatible with the vast majority of browsers except for versions that are deprecated and have ceased to be supported by their developers for security reasons.

The software is developed, tested and implemented by an internal team. We do not outsource product development to third parties or share confidential data with any other company. Likewise, the source code is not shared under any circumstances with any of our clients.

Software Development Lifecycle

The EventsCase development process is based on agile methodologies and specifically adapted to the company’s organizational structure, philosophy and principles. Depending on the task, software development should follow a different workflow that includes processes such as analysis, documentation, team member review, security checks, automatic and manual testing, etc.

Any change to the code can be reverted, as EventsCase maintains detailed documentation of the software and its change log.

All tasks are managed and prioritized in Jira (Atlassian) each development cycle, which runs every one to two weeks or as needed, depending on the project.

EventsCase also has special protocols for web design and front-end design related to its websites and corporate websites service. More information can be found here: https://ecdesign.eventscase.com

Incident Management and Response

In case of software malfunction or service disruption, EventsCase has a dedicated team of senior developers who work with assigned project managers and the support team. Once EventsCase is notified of any significant failure (bug) through the Help Center or through other alternative channels, the senior developers are automatically notified in order to resolve the case.

Staff Practices

Each new member of the EventsCase team has to understand and agree to the company’s security and data privacy protocols, which specify how client data is managed and protected in line with GDPR and other pertinent data protection laws. All employees are committed to ensuring the integrity and security of client data.

The EventsCase team is given different levels of access depending on their role and their need to access information to complete their tasks. Only a small part of the team is allowed access to client data. These team members are prohibited from using these permissions to access your data unless it is necessary to do so.

Data Manipulation

The system provides clients with different ways to export, enter and delete data themselves via the dashboard interface. If so requested by the client, EventsCase is able to completely delete all related client information and data from the system, excluding data that must be retained according to the law. EventsCase’s customer support team can assist clients with any enquiries related to data manipulation.

Legal Consultants

At EventsCase, we have Legal Consultants specialised in privacy policy who supervise our procedures and conduct periodic internal training. This is done to ensure correct and continual compliance with data protection laws and to prepare for the implementation of the new "General Data Protection Regulation".

Continuous Training

To ensure updated and correct compliance with the said procedures, EventsCase staff hold periodic meetings with specialised lawyers to review any incident or doubt related to the legal obligations of EventsCase as a provider of event management software.

Furthermore, periodic training is carried out by the personnel in charge of the different departments to guarantee that procedures are complied with and that any changes are assimilated by the entire staff.