LedgerLens.io uses enterprise-grade security and administrative controls. All data is encrypted at rest and in transit. This protects data in three key ways:
Data Storage and Disaster Recovery Systems
Full backups run nightly. All data is replicated to at least three physically separate data centers operated by Amazon Web Services (AWS). AWS has successfully completed multiple SAS70 Type II audits, and now publishes a Service Organization Controls 1 (SOC 1) Type 2 report under both the SSAE 16 and the ISAE 3402 professional standards, as well as a Service Organization Controls 2 (SOC 2) report. In addition, AWS has achieved ISO 27001 certification and has been successfully validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). AWS has obtained a favorable unbiased opinion from its independent auditors. SAS70 certifies that a service organization has had an in-depth audit of its controls (including control objectives and control activities), which in the case of AWS relates to operational performance and security to safeguard customer data.
LedgerLens.io supports multifactor authentication, including Microsoft Authenticator, Google Authenticator, and Authy.
LedgerLens.io’s hosting partner, Amazon Web Services (AWS), has successfully completed multiple SAS70 Type II audits, and now publishes a Service Organization Controls 1 (SOC 1) Type 2 report under both the SSAE 16 and the ISAE 3402 professional standards, as well as a Service Organization Controls 2 (SOC 2) report.
LedgerLens.io is in compliance with the EU General Data Protection Regulation (GDPR). You can view our GDPR / European Economic Area Notice at https://LedgerLens.io.com/gdpr.
The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian federal law that applies to the collection, use, and disclosure of personal information in the course of commercial activities in all Canadian provinces as supplemented by substantially similar provincial privacy laws in Alberta, British Columbia and Québec. PIPEDA also applies to international and interprovincial transfers of personal information. LedgerLens.io customers have the option to host their data on Amazon Web Services (AWS) Canada Central Region. Please contact sales to learn more about this feature.
LedgerLens.io enables users to comply with HIPAA. To meet the HIPAA requirements applicable to our operating model, we align our HIPAA risk management program with NIST 800-53, a set of higher security standards that map to the HIPAA Security Rule. NIST supports this alignment and has issued SP 800-66, An Introductory Resource Guide for Implementing the HIPAA Security Rule, which documents how NIST 800-53 aligns to the HIPAA Security Rule.