Product Security & Reliability

SSO

Amperfii offers SAML Single Sign-on (SSO) to allow admins to determine who has access to Amperfii from your existing identity provider/SSO solution.

 

Password and Credential Storage

Amperfii enforces a password complexity standard, and stores credentials using a PBKDF function.

​

Role-Based Access Controls 

Access to data within the Amperfii application is governed by role-based access controls (RBAC). The roles available are as follows:

• Admin Access - Users with Admin Access can change all application settings and manage all workspaces

• Workspace Full Access - Users with Full Access within a workspace are able to manage all data and user access within that workspace

• Workspace Edit Access - Users with Edit Access within a workspace are able to manage all opportunities within that workspace

• Workspace Comment Access (Coming soon) - Users with Comment Access will be able to add commentary on opportunities within the assigned workspace

• Workspace Read-Only Access - Users with Read-Only Access will be able to view all opportunities within the assigned workspace.

​

IP Whitelisting 

Amperfii can be configured to only allow access from designated IP address ranges. These restrictions can be applied to all users. 

​

Cloud Security

Amperfii’s security and availability architecture is built on top of ISO 27002:2013 controls and SOC 2 Focus Points to enable best practice protection controls, implemented based on industry standards. 

​

Physical Security & Data Hosting 

Amperfii uses AWS data centres in Australia. The services and data are hosted in Amazon Web Services (AWS) facilities in Sydney, Australia.

​

Logical Access 

Access to the Amperfii Production Network is restricted by an explicit need-to-know basis, utilizes least privilege, is frequently audited and monitored, and is controlled by our Operations Team. Employees accessing the Amperfii Production Network are required to use multiple factors of authentication and complete extensive background checks along with many technical and administrative controls. 

​

Failover and DR 

Amperfii was built with disaster recovery in mind. All of our infrastructure and data are spread across 3 AWS availability zones and will continue to work should any one of those data centres fail. 

​

Back Ups and Monitoring 

On an application level, Amperfii produces audit logs for all activity, ships logs for analysis and uses S3 for archival purposes. All actions taken on production consoles or in the Amperfii application are logged. 

​

Permissions and Authentication 

Access to customer data is limited to authorized privileged employees who require it for their job responsibilities. Amperfii runs a zero-trust corporate network. We have SAML Single Sign-on (SSO), 2-factor authentication (2FA), and strong password policies on OKTA, GitHub, Google, AWS, and Amperfii to ensure access to cloud services is protected.

​

Encryption

All data sent to or from Amperfii is encrypted in transit using 256 bit encryption. Our API and application endpoints are TLS/SSL. We also encrypt data at rest using an industry-standard AES-256 encryption algorithm. 

​

Pentests & Vulnerability Scanning

Amperfii uses third party security tools to continuously scan for vulnerabilities. Annually we engage independent third-party security experts to perform detailed penetration tests on the Amperfii application. 

​

Security Incident Response  

In case of a system alert, events are escalated to Amperfii providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication

channels and escalation paths. 

​

Application Security

Amperfii practices extensive processes and controls to ensure application security. All Amperfii engineers utilize common best practices defined by standards like OWASP, NIST and CIS Benchmark. 

​

Framework Security Controls

Amperfii leverages modern and secure open-source frameworks with security controls to limit exposure to OWASP Top 10 security risks. These inherent controls reduce our exposure to SQL Injection (SQLi), Cross Site Scripting (XSS), and Cross Site Request Forgery (CSRF), among others. 

​

HR Security

At Amperfii we ensure that our employees adhere to the highest security standards by implementing extensive employee background checks and multiple administrative controls. 

​

Policies

Amperfii has developed a comprehensive set of security policies based on ISO 27002:2013 ISMS framework and SOC 2 Trust Criteria Focus Points. These policies are updated frequently and communicated to all employees. 

​

Employee Screening

Amperfii performs background checks on all new employees in accordance with local, federal and state laws applicable to our business. The background check includes employment verification, criminal checks, credit checks, deeper historical references and education verification.

​

Confidentiality

All employee contracts include a confidentiality agreement. 

​

Compliance

Amperfii has built its Information Security Management System on top of ISO 27002:2013 controls and SOC 2 Focus Points to ensure the best practice protection controls are implemented based on industry standards and we are compliant with applicable local, federal and state regulations, as well as industry standards. 

​

PCI-DSS

Access to the Amperfii Production Network is restricted by an explicit need-to-know basis, utilizes least privilege, is frequently audited and monitored, and is controlled by our Operations Team. Employees accessing the Amperfii Production Network are required to use multiple factors of authentication and complete extensive background checks along with many technical and administrative controls. 

​

Privacy Policy 

Amperfii's Privacy Policy can be found here.

​

Legal Resources

Amperfii's Terms of Service can be found here.