Menu

Security

Data Center Security and Location

The Coreo infrastructure is hosted on the Heroku platform, which in turn is built on the technology of Amazon Web Services (AWS). Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:

To see Heroku’s full security policy see: https://www.heroku.com/policy/security

All Coreo data is stored within the AWS EU region, on secure servers in Dublin, Ireland.

Data Security

The Coreo Platform

The Coreo platform runs within its own isolated environment on the Heroku platform and cannot interact with other applications or areas of the system run by that vendor. The restrictive operating environment is designed to prevent security and stability issues. The self-contained environment has isolated processes, memory and file system whilst host-based firewalls restrict applications from establishing local network connections.

For further technical information see: https://devcenter.heroku.com/articles/dyno-isolation

Database Backups

The Coreo platform utilises a Heroku Postgres database, which employs a Continuous Protection system to keep data safe. All changes to the database are written to write-ahead logs which are shipped to multi-datacenter, high durability storage. In the unlikely event of an unrecoverable hardware failure, these logs can be automatically “replayed” to recover the database to within seconds of its last known state. 

The database is also backed up regularly and stored on offsite secure storage.

Information Security

We are registered as a data controller with the Information Commissioner’s Office, registration ZA142040.

See also our page detailing our Privacy Policy.

Application Level Security

All passwords within the Coreo platform are salted and hashed. No member of staff can view them. If a password is lost it cannot be retrieved – it must be reset.

All communication within the Coreo platform is encrypted with TLS (see below)

FrontEnd Infrastructure

Parts of the Coreo Platform, including the admin area and some bespoke customer websites, are deployed to AWS CloudFront. AWS CloudFront is a fast and highly-secure content delivery network (CDN) service, providing both network and application level protection. CloudFront’s inbuilt security mechanisms provide a flexible, layered security perimeter protecting against multiple types of attacks including application layer and DDoS attacks.

AWS CloudFront infrastructure and processes are all compliant with PCI-DSS Level 1, HIPAA, and ISO 9001, ISO 27001, SOC (1, 2 and 3) to ensure secure delivery of your most sensitive data.

Encryption In-Transit

All network traffic sent within the Coreo platform, including between Coreo backend servers, websites, mobile applications (iOS and Android) uses industry standard Transport Layer Security (“TLS”) to create a secure connection using 128-bit Advanced Encryption Standard (“AES”) encryption.

There is no non-TLS option for connecting to Coreo – all connections are made securely over HTTPS.

Encryption At-Rest

All data written to disk within the Heroku Postgres database is automatically encrypted at rest.

Breach Notification

Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if we learn of a security breach, we will notify affected users so that they can take appropriate protective steps. We are committed to keeping our customers fully informed of any matters relevant to the security of their account and to providing customers all information necessary for them to meet their own regulatory reporting obligations.

Responsible Disclosure

If you’ve discovered a vulnerability in the Coreo application, please don’t share it publicly. Instead, please submit a report to us via the process outlined below. We review all security concerns brought to our attention, and we take a proactive approach to emerging security issues. Every day, new security issues and attack vectors are created. Coreo strives to stay on top of the latest security developments both internally and by working with external security researchers and companies. We appreciate the community’s efforts in creating a more secure web.

Please email any security concerns to us at: security@natural-apptitude.co.uk

FAQs

Changelog

Close window

Try Coreo

Data is critical to your business or project. Coreo is the total platform solution to transforming the way you collect and manage your most valuable asset. Speak with the Coreo team today to find out how we can help your business or project to flourish..

Introduction to Coreo Video

Online video outlining Coreo's features

Call us

Call us to discuss your exact requirements

Book an online demo with us

We'll walk you through Coreo via a video call
Back

Book an online demo

Find a date that works for you in the calendar and then drop us an email or give us a call. We'll then book you in for a demonstration tailored to your needs.

Requirements for the call

You'll just need access to a computer with a good internet connection - that's it!

August 2020

Mon Tue Wed Thu Fri Sat Sun
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31