Orderful EDI Platform Security
Four-nines of uptime
We’ve been delivering four-nines (99.99%) of uptime for over three years–and we’re not planning on stopping.
Why you can count on Orderful Cloud EDI
When we built Orderful Cloud EDI, we didn’t just focus on offering features that would make EDI transactions faster and easier. We built our platform from the ground up to offer the highest possible levels of security and reliability.
If your cloud EDI platform isn’t live, your business is dead. But as you evaluate potential cloud partners, you’re concerned about more than just uptime–you also need to make sure your most sensitive business data won’t fall into the wrong hands. We’re one step ahead of you. Orderful Cloud EDI leverages the most stringent security technologies. That’s why more and more of the world’s leading brands are trusting us with their EDI transactions.
We take every precaution to make sure your EDI data will go from Point A to Point B–but not Point C. Here’s what we’ll do to keep your business data safe from hackers and other online threats.
- Access to the Orderful platform is only permitted via SHA-256 SSL-secured connections
- Individual Orderful platform accounts have independent access control features
- Orderful platform account credentials follow best practices, including complexity requirements, hashing, and salting
- Only TLS 1.2 and TLS 1.0 connections are supported
- Data collected from respondents may be optionally auto-deleted after a configurable expiration window
- Data exported from Orderful can be transmitted via secure HTTPS, SFTP, or FTPS protocols with configurable authentication credentials
- A strict admin content security policy is in place
- All data is encrypted at rest
- Robust AWS SSD hard drives offer redundant volume replication for data and file storage, with automatic alerts of potential failures
- Weekly encrypted full backups
- Daily encrypted differential backups of database and file systems
- Backup retention policy includes secure destruction of expired backups
- Automated checks ensure database integrity and index optimization
- Parameterized queries and stored procedures protect against SQL injection attacks
- All Orderful employees are bound by non-disclosure agreements that cover non-public customer information, and are trained on the sensitivity of such information
- Background checks for Orderful and AWS employees
Data Center Security
- Data centers staffed 24/7/365
- Employee access is restricted to those who have business justification
- Third-party access is further restricted and timebound
- Two-factor authentication is required to gain access to server rooms and sensitive areas of the data center
- Electronic intrusion detection systems are installed within the data layer to monitor, detect, and automatically alert the 24/7 AWS Security Operations Centers and teams
- Closed circuit video surveillance is in use at all entrance points on the interior and exterior of the building that houses the data center facilities
- AWS data centers maintain industry-recognized certifications and audits: PCI DSS Level 1, ISO 27001, FISMA Moderate, FedRAMP, HIPAA, and SOC 1 (formerly referred to as SAS 70 and/or SSAE 16) and SOC 2 audit reports
- AWS is audited by external auditors on more than 2,600 requirements throughout the year
- The Orderful platform is fully hosted in AWS data centers in the U.S.
- AWS data centers use mechanisms to control climate and maintain an appropriate operating temperature for servers and other hardware, preventing overheating and reducing the possibility of service outages
- Personnel and systems monitor and control temperature and humidity at appropriate levels
Fire Detection and Suppression
- AWS data centers are equipped with automatic fire detection and suppression equipment
- Fire detection systems use smoke detection sensors within networking, mechanical, and infrastructure spaces
- AWS equips data centers with functionality that can detect the presence of water from leaks
- If water is detected, mechanisms are in place to remove water and prevent additional water damage
AWS network redundancy
- The Orderful platform is logically isolated at the network level in AWS into an Amazon Virtual Private Cloud where we can launch AWS resources in a virtual network that we define. Orderful has complete control over this virtual networking environment, including selection of our own IP address range, creation of subnets, and configuration of route tables and network gateways.
- AWS has identified critical system components required to maintain the availability of the system and recover service in an outage. Critical system components are backed up across multiple, isolated locations known as Availability Zones. Each Availability Zone runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. Availability Zones are connected to each other with fast, private fiber-optic networking, enabling you to easily architect applications that automatically fail over between Availability Zones without interruption.
- AWS Elastic Load Balancers are used to automatically distribute incoming application traffic across multiple Amazon EC2 instances in the cloud. This allows us to achieve greater levels of fault tolerance in the Orderful platform, seamlessly providing the required amount of load balancing capacity needed to distribute application traffic.
- AWS CloudWatch allows us to collect monitoring and operational data in the form of logs, metrics, and events, providing Orderful Support and Engineering teams with a unified view of AWS resources, applications, and services. CloudWatch is natively integrated with more than 70 AWS services and is integrated into our extended platform monitoring solution (including New Relic and PagerDuty). CloudWatch is leveraged to set high-resolution alarms, visualize logs and metrics side by side, take automated actions, troubleshoot issues, and discover insights to optimize the Orderful platform and ensure it is running smoothly.
- Firewalls, routers, switches, and internet backbone connections are all maintained with redundancy and high availability on a 24/7/52 basis by AWS
- Redundant power is provided to all infrastructure routers and switches, as well as the data centers themselves
- Redundant fiber connections are provided to Internet backbone connectivity providers
- Advanced route optimization technology is used to provide efficient routing among the multiple backbone carriers connected to the data center
- Servers are monitored on a real-time basis for availability via ICMP
You can count on Orderful security because we use world-class AWS infrastructure and personnel to store and protect your data.
Network and server security
- AWS firewall-equivalent Security Groups employed at every server to block all unused protocols
- AWS Route Tables configured to restrict traffic, protocols, and ports between subnets
- Databases logically segregated into a private network data tier that is not accessible from the internet, with ingress and egress traffic restricted by AWS Security Groups
- Network and system monitoring provided by AWS CloudWatch Alarms, New Relic application and infrastructure monitoring, SumoLogic centralized log aggregation (with logs encrypted using AES-256 during transport and at rest), and incident alerting and triage using PagerDuty
- Distributed-denial-of-service (DDoS) attack mitigation services available
- Access to Orderful servers restricted to only an approved subset of Orderful’s engineering team via secure VPN connections
- All system administrator access to Orderful servers logged to an audit trail
- Anti-virus protection is used to scan servers for viruses, and infected files are automatically quarantined
- Dedicated fallback service paired with AWS Internet Gateways, AWS firewall-equivalent Security Groups, and AWS Elastic Load Balancers provides seamless HTTP/HTTPS redirects to a customer-specific URL in the event of an interruption to the Orderful service
- Database deployment on AWS RDS Managed Services helps to reduce operational overhead and risk by automating common activities such as change requests, monitoring, patch management, security, and backup services, and provides full-lifecycle services to provision, run, and support the infrastructure
- Immediate alerts to Support teams and automated escalation to Engineering teams in the event of any such fallback
- New platform software releases go through a five-stage verification process: independent developer verification, QA server test, alpha test, beta test, and engineer-observed final production release
- Failed hardware is replaced expeditiously using AWS native capabilities to spin up new servers or volumes in AWS on demand
- Immediate server replacement available via AWS server and network infrastructure
- AWS Enterprise Support team and specialized support teams for network, hardware, managed services, and general troubleshooting are standing by 24/7/365 for immediate detection and resolution of any such AWS infrastructure failures
- Orderful alerting service on each server automatically notifies the Orderful engineering team in the event of system-level anomalies and exceptions
- Centralized monitoring of all Orderful consoles via that is reviewed daily by Orderful’s engineering and implementation teams