At Ecesis (EnviroData Solutions, Inc.), we provide Software as a Service (SaaS) solutions that empower organizations to protect their employees and maintain compliance with environmental, safety, health, and quality regulations. Data security is at the core of our operations, and we have implemented comprehensive security measures to safeguard our clients' information.
Encryption In Transit & At Rest
ISO 27001 Data Centers
SSO & MFA Support
Organizational Security
Background Checks — All employees undergo background checks prior to employment.
Endpoint Security — Employee devices are regularly patched and are equipped with anti-virus software and malware protection.
Security Awareness Training — Employees receive ongoing security awareness training covering phishing, social engineering, data handling, and incident reporting procedures.
Physical Security
Workplaces — Workplaces are secured and locked when unattended to prevent unauthorized access.
Data Centers — Data centers are ISO 27001 certified, reflecting their adherence to rigorous security protocols including physical access controls, surveillance, and environmental safeguards.
Infrastructure Security
Network Protection — Firewalls are used to prevent unauthorized access to our servers, and client data is segregated into unique databases and application pools to protect sensitive data.
Server Hardening — Servers are hardened by disabling unused ports and accounts as well as removal of default passwords and outdated users.
Continuous Monitoring — Servers are actively monitored for malware, vulnerabilities, and suspicious activity through real-time logging and analysis.
Web Application Firewall (WAF) — A web application firewall screens traffic for threats, blocking malicious bots and suspicious IPs before they reach the application.
DDoS Mitigation — Infrastructure includes protections against distributed denial-of-service attacks to maintain application availability.
Software Security
Secure Coding Standards — Developers follow industry-recognized secure coding guidelines to reduce the likelihood of introducing vulnerabilities.
Code Review — Code changes undergo mandatory peer review with an emphasis on security-relevant logic.
Security Scanning — Dependency checking and static analysis are incorporated into the development lifecycle to identify vulnerabilities before deployment.
Developer Security Training — Developers receive recurring security training.
Penetration Testing and Third-Party Assessments — Independent security firms are engaged to assess product and infrastructure security.
Vulnerability Reporting — Ethical researchers are encouraged to report vulnerabilities through our Vulnerability Disclosure Program.
Data Security
Security By Design — Changes to our software solutions are reviewed for security risks at each stage of the development lifecycle.
Data Isolation — Each client's data is stored in dedicated, separate databases to maintain confidentiality and prevent cross-tenant access.
In Transit Encryption — Data exchanged between clients and our servers is secured with TLS/SSL encryption protocols.
At Rest Encryption — Customer data is stored on servers that are encrypted at rest to prevent unauthorized access.
Backup Encryption — Nightly backups are performed and kept in an encrypted state for added protection.
Data Retention and Disposal — Client data is retained in accordance with contractual agreements and securely disposed of upon termination using industry-standard methods.
Operational Security
Backups — Client data is backed up daily, with encrypted and geo-redundant storage for disaster resilience.
Business Continuity — Ecesis maintains a comprehensive business continuity program, ensuring minimal disruption in the event of a disaster.
Change Management — Infrastructure and application changes follow a documented change management process.
Identity and Access Control
Single Sign-On (SSO) — We offer various SSO integration options for seamless authentication with your existing identity provider (SAML, OAuth).
Multi-Factor Authentication (MFA) — Our solutions support MFA, enhancing security and reducing the risk of unauthorized access.
Role-Based Access Controls (RBAC) — Granular, role-based permissions ensure users only access the data and functions appropriate to their responsibilities.
Session Management — Automatic session timeouts and re-authentication requirements protect against unauthorized access from unattended sessions.
Vendor Management
Selection — We carefully evaluate and select vendors based on strict security and compliance standards.
Ongoing Review — Vendor security postures are reviewed periodically to ensure continued alignment with our security requirements.
Incident Management
Breach Notification — In the event of a data breach, we follow strict internal procedures to promptly notify impacted clients and relevant regulatory authorities in accordance with legal requirements.
Business Continuity & Disaster Recovery — Ecesis maintains and exercises a business continuity program to minimize disruptions to our clients should a disaster strike.
Incident Response Plan — A documented incident response plan defines roles, escalation procedures, communication protocols, and post-incident review processes.
Contact Us About Security
If you have questions or concerns about our security practices, please contact our Legal Department at legal@ecesis.net or reach us at:
Ecesis (EnviroData Solutions, Inc.)
1499 West 120th Avenue, Suite 110
Westminster, CO 80234
Phone: (720) 547-5102
Trust Center: trust.ecesis.net
