Data Retention Policy

Certain Information Technology

Introduction

This document outlines the data retention policy used by Certain, Inc. in its suite of applications. All elements of the Certain Information Technology Operations and Security Program are structured to minimize or prevent damage that could result from accidental or intentional events. This includes actions that might lead to breach of confidentiality, result in fraud or abuse, or delay the execution of operations.

The scope of this policy includes all Certain services that store customer and corporate data, in particular the Certain services at our third-party hosted facilities.

This document will be updated and revised as part of efforts by Certain to continuously improve its services to customers. Changes will be communicated broadly and directly with customers to ensure service delivery remains aligned with both compliance and regulatory requirements, as well as customer-specific needs.

1. Data Environments

Certain operates multiple operational data environments. These environments are built on the Windows Server 2016 operating system, use Microsoft SQL 2017 Enterprise edition data replication to provide data integrity and availability, and use clustering capabilities to ensure high availability and fault tolerance.

The primary operational environment is located in multiple datacenters in North Virginia. Certain also uses additional environments in Oregon and Ohio.

2. Data Management

Certain has a highly refined backup policy that governs its backup procedures. This policy defines the frequency of backups and how backups are maintained and migrated throughout the data lifecycle.

Certain systems leverage several tiers of storage as part of the data backup policy. This policy also defines the duration data is retained in each tier. All data is encrypted using Microsoft SQL 2017 Enterprise Transparent Data Encryption (TDE). The respective keys are managed via a dedicated Hardware Security Module (HSM).

2.1 Certain Platform

Certain operating environments are backed up to ensure data is protected throughout all stages of the data lifecycle. These systems and the data are located within the United States.

The backup procedures include full, differential, and log backups. These backups occur at a high frequency. Data backups are stored on high speed media for a period of three days and are migrated to secondary archival disk-based storage for a period of 30 days. Data backups are also placed in a tertiary location.

This data is generally retained for a period of 3 years.

2.2 Marketing Automation

Marketing Automation integrations connect Certain to marketing engines like Marketo or Eloqua. Registrations created in the Certain applications are stored in the events database.

These registrations are transferred through the integration as "leads" to enrich marketing campaigns. These integrations store logs pertaining to audit and telemetry data for 21 days.

2.3 Single Sign On

Single Sign On (SSO) Manager stores identity provider connection information and logs pertaining to audit and telemetry data. It stores processed connections for 21 days.

2.4 Bulk API

Bulk API uses Elasticsearch for providing & bulk data access. Data is retained for thirteen months only. Any data older than thirteen months is automatically deleted via a job that runs daily.

3. Data Protection

Data Encryption — At Rest

All data stored within the Certain system is encrypted in databases using Microsoft SQL Enterprise 2017 server Transparent Data Encryption (TDE) technology. The encryption mechanisms utilize keys that are managed via a dedicated Host Security Module (HSM) service layer.

Data Encryption — In Archive

High grade AES-256 encryption is used for all backups. This level of encryption is maintained throughout the data archival process.

The data archival process includes the periods when full backups are initially created and when backups are moved to secondary and tertiary archival locations.

Data Encryption — Key Management

The effectiveness of encryption depends on managing the security of encryption keys throughout their life cycle. Therefore, encryption keys are maintained to prevent disclosure to unauthorized persons.

Encryption keys are limited to a group of custodians that require this access. At Certain, keys are managed in compliance with PCI DSS requirements.

Certain uses an HSM device for all key management activities. Key management activities include creation, usage, storage, and destruction of key encryption and data encryption keys.

Data Encryption — In Transit

High grade encryption is utilized to protect all communications between customers and the Certain services. Communications are secured via transport layer authentication and transmission encryption mechanisms based on HTTPS (TLS-based encryption).

Any non-secure HTTP request is redirected to HTTPS. Currently enforced TLS settings include TLS 1.2 with AES-256 cipher suites and either SHA256 or SHA384.

4. Data Destruction

All Confidential data that has been stored on electronic media and has reached its maximum retention is eliminated. Confidential data that is no longer needed for business purposes is eliminated.

Data destruction is in line with Department of Defense DoD 5220.22-M. This process ensures that data is effectively destroyed and irrecoverable.

5. Data Recovery

Data recovery is possible through several approaches, by restoring from data backups stored in primary, secondary or tertiary storage.

In case of a major disaster event, Certain would enact its disaster recovery and business continuity plan. This plan restores services and data to Certain's failover site in Ohio.

6. Data Breach or Loss

Incidents involving suspected or confirmed loss of data or data breach are handled as part of Certain's incident and security response policy.

This policy includes handling, documentation, escalation, notification, and issue resolution. Ongoing communication with impacted customers is provided by the assigned customer success manager and the primary customer point of contact.

7. GDPR Compliance

Certain, Inc. adheres to the GDPR and has created the functionality necessary to meet its stringent requirements.

This functionality is available across Certain's platform of services. Customers can respond to Data Subject Rights (DSR) requests "to be forgotten": they can select one or more profile records, anonymize the personally identifiable information (PII), and mark records for deletion.

Data that has been marked for deletion can then be purged by Certain when requested by customers.

8. Data Archiving

If a customer is interested in retrieving data before it is purged, any of the following approaches may be used.

8.1 Certain Application APIs

The Certain platform offers a rich set of Open APIs (https://developer.certain.com/api2docs/). These Open APIs enable users to pull and push data for most data objects.

Customers who have an internal data warehouse or system of record are advised to build an integration that pulls data from the Certain application at regular intervals via APIs. All APIs offer a delta pull feature, which pulls only data that has changed since the last pull to facilitate optimal data flow between systems.

8.2 Reports

The Certain platform offers a rich set of data sets to use for reporting. Users can customize the content of a report and the fields of information to include.

Users can apply data filters and extract information in different file formats, including HTML, XLS, CSV, PDF etc. We recommend that customers coordinate with Certain support when such a data extraction is planned, to ensure reliable system performance when large reports are executed for data extraction.