Airship Security Measures through April 2022
For Airship Customer Engagement Platform and Apptimize Platform
Date: August 11, 2021 — Previous Version
Airship shall maintain appropriate technical and organizational measures for the Service to ensure a level of security appropriate to that risk, including, the measures described in this document (the “Security Measures“). Airship may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Service.
“Airship” means Airship Group, Inc. and its operating divisions, subsidiaries, affiliates and branches.
“Customer Data” means electronic data and content processed by Airship via the Service, or provided to Airship by or for Customer via the Service.
“Data Breach” means a breach of security of the Service leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, Customer Data in the Service.
“Service” means the Airship Customer Engagement Platform (“CEP”), the Apptimize Testing Platform (“Apptimize”), and any other services or functionalities related to either the CEP or Apptimize.
“SOC2 Report” means a confidential Service Organization Control (SOC) 2 Type II report (or a comparable report) on the Service examining logical security controls, physical security controls, and system availability, as produced by a Third Party Auditor in relation to the Service.
“Third Party Auditor” means an Airship-appointed, qualified and independent third party auditor.
2. Information Security Program and Attestations
Airship maintains an information security program that includes the adoption and enforcement of internal policies and procedures and designed to (a) satisfy these Security Measures, (b) identify reasonably foreseeable security risks and unauthorized access to the Service, and (c) minimize security risks, taking into account the state of the art, the costs of implementation, the nature, scope, context and purposes of processing, and the risk of varying likelihood and severity for the rights and freedoms of natural persons. A Third Party Auditor assesses the Airship CEP (which includes mobile app, email, API, and SMS solutions, and Apptimize) annually for compliance with the SOC 2 Type II availability, confidentiality, and security trust principles. The Third Party Auditor issues a SOC2 Report, which is available to the Customer upon request under signed NDA. The Airship SOC2 Report includes the cloud provider subprocessors used by Airship, but not the other subprocessors.
3. Access Controls
(a) Data Center Access Controls.
- Leading Cloud Data Centers. Airship uses Cloud Platform (Google Cloud) or for certain Airship customers, depending on location or the Airship services subscribed to, Amazon Web Services (AWS), to provide infrastructure services to host and operate the Service. By using Google Cloud’s Trusted Infrastructure or AWS’s Security, Identity, and Compliance Service, Airship is able to take advantage of their sophisticated security environments.
- Physical Access Control. The cloud data centers used to provide the Service are Tier 4 certified, ISO 27001, and SOC 2 Type II certified computing facilities. These cloud data center facilities maintain on-site security operations responsible for all physical data center security functions 24 hours a day, 7 days a week, with CCTV monitoring and access controls. The CCTV monitoring footage is kept for 90 days.
(b) Logical and Data Access Controls.
Infrastructure Security Personnel. Airship’s dedicated infrastructure security team is responsible for the ongoing monitoring of Airship’s security infrastructure, review of the Service, and security incident response.
Privilege Management. Airship personnel with access to the Airship customer account or technical management systems are required to authenticate themselves via logical access controls with multi-factor authentication in order to administer the Service. Any access to customer data by an Airship representative is logged and tracked in real time, with oversight from the security team. In addition, Airship has implemented these additional privilege management measures:
- Internal Data Access Processes and Policies. Airship’s internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process data in the Service.
- Access Management. Airship employs a centralized access management system to control personnel access to production servers for the Service to a limited number of authorized personnel. Central network-based authentication systems are designed to provide Airship with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information for the Service. Airship requires the use of unique user IDs, strong passwords, two factor authentication and access lists for Airship personnel to access the Service. Airship personnel are granted access rights to the Service based on: (i) the authorized personnel’s job responsibilities; (ii) job duty requirements necessary to perform authorized tasks based on least privilege; and (iii) a need to know basis. The granting or modification of access rights must be performed in accordance with Airship’s internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Log-ins to the Service are logged into the Security Information and Event Management system (SIEM).
- Access Controls. Security events for the Service, including login failures, use of privileged accounts, changes to access models or file permissions, modifications to installed software or operating systems, changes to user permissions or privileges are logged on the relevant systems. Logs are generated through monitoring and alerting systems, and are held from 30 days to 1 year, depending on the system.
4. Network Security
(a) Data Transmission. Airship makes HTTPS encryption (also referred to as TLS connection) available for data in transit to or from the Service. Clear text HTTP connections to the Service are disabled by default.
(b) Intrusion Detection. Intrusion detection is intended to provide insight into ongoing attack activities and provide adequate information to respond to incidents. The intrusion detection measures used by Airship involve:
- controlling the size and make-up of Airship’s attack surface through preventative measures;
- employing intelligent detection controls at data entry points; and
- employing technologies that automatically remedy certain dangerous situations.
5. Application Security
(a) Software Development. Airship employs a static code review process to increase the security of the code used to provide the Service. This code is reviewed and approved based on peer review prior to staging the code. All development for the Service is based on Secure Development Lifecycle (SDLC) model in accordance with Airship’s development policies.
(b) Standards Compliance. Airship adheres to an “out of the box” default security standard in alignment with OWASP Top 10 best practices, CIS controls, and SOC 2 Type II principles.
(c) Data Integrity. Measures are in place to prevent corruption of stored Customer Data due to a malfunctioning of the Service. These include: patch management, change control procedures, QA testing prior to release, ACID compliant databases, and logging of all changes to production systems for the Service.
(d) Data confidentiality. Airship has implemented measures to encrypt data in-transit, and at-rest. In addition, Airship uses data pseudonymisation as needed to comply with customer requirements and regulations.
(e) In-Application Security. Robust application security measures Airship offers include Multi-Factor Authentication (MFA), Single Sign-On (SSO), Role Based Access Control (RBAC), configurable password complexity, segregation of duties, logical separation of customer data, and exportable event logs.
6. Operational Security
(a) Redundancy. Airship infrastructure systems are designed to eliminate single points of failure and minimize the impact of anticipated environmental risks. To provide this redundancy, Airship uses dual circuits, switches, networks and other necessary components.
(b) Server Operating Systems. Airship servers use Server Operating System based implementation customized for the application environment. Industry best practice hardening standards, including CIS benchmarks, are used. Data in the Service’s production environment is stored using whole disk AES256.
(c) Business Continuity. Airship replicates critical data over multiple systems and locations to help protect against accidental destruction or loss of data in the Service. Airship has established a baseline RPO and RTO, which is available upon request with a signed NDA. At least on a daily basis, Airship backs up to a separate cloud region from the region used for the Service production servers. Replicated data is stored at rest in AES256 encrypted format. Airship has implemented and regularly tests its business continuity planning/disaster recovery programs.
7. Customer Data
(a) Data Storage and Separation. Customer Data is stored in a multi-tenant environment on public cloud servers. Airship logically separates Customer Data in the Service, and conducts tests at least annually to confirm logical separation.
(b) Data minimization. Airship makes available to Customers via the Service capabilities to determine the types of data to be collected based on the processing purposes defined by the Customer. These capabilities include the option to disable data collection in order to prevent collection of any data (with the exception of the data collection opt-in status). In addition, Airship will keep data only as long as necessary in accordance with the Airship Data Retention Schedule.
(c) Data Retention and Deletion. Airship makes available data deletion functionalities directly in the Airship API. Airship will delete all Customer Data in the Service production servers 90 days after termination of Customer’s contract. In addition, certain Customer Data stored in Airship CEP will be deleted on an ongoing basis in accordance with the Airship Data Retention Schedule. Backup data is stored in AES256 format and deleted in 7 days.
(d) Data Portability. For accounts that do not have Airship’s Real-Time Data Streaming (RTDS), Airship makes available to Customers data export functionalities for certain metadata directly in the various Airship API services offering endpoints. For these types of accounts, Airship can provide assistance for more robust data export requests via requests to Airship Support. Accounts with Airship’s Real-Time Data Streaming (RTDS) service also have the ability to export more granular data throughout the lifetime of the service. All data exported from Airship API’s are in the open-source JSON format. Airship Support can assist with special data export requests (E.g. Legal Holds and Legal Exports).
(e) Localized Data Hosting. By using the Service, Customer consents to storage of Customer Data in the United States or in the European Union, as follows. If the Customer has selected the United States data center location for the Airship CEP or Apptimize, all Customer Data stored is located in the United States. If Customer has selected the European Union as the data center location for the Airship CEP or Apptimize, all Customer Data is located in the European Union. Live Customer Data is not replicated back and forth between the EU and US data center data set. Customer Data may be transferred to and accessed from the Airship subsidiaries locations for technical support, error fixes, and other product related services.
(f) Pseudonymization and Encryption. Airship will ensure data is encrypted during transmission to and from the Service. In addition, Airship will keep all data encrypted at rest with Whole Disk Encryption using AES 256 standard. The Service includes additional measures that Customers can configure in order to reduce direct references to persons during processing where it is possible to associate data with a specific person only if additional information is included. Airship has put in place appropriate technical and organizational measures to keep the pseudonymized information separate from the additional information. It is the Customer’s responsibility to elect to use these additional measures for pseudonymization of personal data processed in the Service.
(g) Restoring data from data loss. Airship’s relational databases and NoSQL data stores are automatically backed up in a secure fashion on both daily and weekly schedules. Should a data loss event occur, Airship will be able to recover data contained in these backups.
8. Data Breach Management
If Airship becomes aware of a Data Breach, Airship will notify Customer of the Data Breach within a period not to exceed 48 hours from confirmation of the Data Breach. Airship will take reasonable steps to minimize harm and secure Customer Data. Notification(s) of any Data Breach will be delivered to the email address provided by Customer in the Agreement or in the administration console of the Service. Customer acknowledges that it is solely responsible for ensuring that the contact information set forth in the Agreement (or in the administration console of the Service) is current and valid. Customer agrees that “Data Breaches” do not include: (i) unsuccessful access attempts or similar events that do not compromise the security or privacy of Customer Data, including pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems; or (ii) breach of security of systems outside of Airship’s control where Airship is not itself made aware of a data breach.
9. Personnel Security
(a) Background Checks. Airship conducts employee background checks to the extent legally permissible and in accordance with applicable local labor law and statutory regulations.
(b) Employee Training. Airship employees are required to (a) execute a confidentiality agreement; (b) undergo annual security training, and (c) if handling Customer Data, complete additional requirements appropriate to their role.
(c) Employee Code of Conduct. Airship employees are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards.
10. Privacy by Design
Airship employs Privacy by Design and Privacy by Default principles in its development and operations processes.
11. Authorized Subprocessors
(a) Subprocessor Security. Prior to onboarding subprocessors, Airship conducts a selection process to evaluate the subprocessors’ security, privacy, data protection, and confidentiality practices and to assess that subprocessors provide a level of security, data protection, and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Where applicable, Airship enters into data protection agreements providing equivalent obligations as those required from Airship as set forth in the Airship Data Processing Addendum. Subprocessors are re-authorized upon contract renewal or on an annual basis.
(b) Subprocessor List. A current list of Airship’s Subprocessors is available here.