Compliance and Information Security
LAST UPDATED ON 2ND SEPTEMBER 2019
We understand information security is paramount for all businesses, this page gives detailed information that will be useful to your IT team to understand Serverless360’s development standards and policies.
- This compliance and information security policy applies to all our customers from small start-ups to large enterprises.
- We take information security seriously and invest in best-in-class third-party tools that help us run specific support services.
Our commitment to user experience
We care about user experience and we have taken careful steps to include constant learning process like design thinking in our development routine. We try to reduce complex workflows that will help the customers to reduce spending on expensive training and hand hold sessions. Serverless360 maintains equal importance to UX and UI parameters to mitigate any complex challenges.
- Serverless360’s user interface is built to reduce the complexities faced in the Azure portal
- At present, Serverless360’s user interface supports the English language.
- Enterprise customers can choose Private Hosting version to authenticate with Azure Active Directory for a Single Sign-on (SSO) experience.
Serverless360 infrastructure maintenance
- Serverless360 infrastructure is built by 2 major components – an industry-standard REST API and a client user interface(UI), which entirely depends on the API to function. No business logic exists on the user interface.
- Serverless360 is offered with both SaaS and Private Hosting models. Under SaaS hosting model security, scaling, maintenance, threat mitigation and many other aspects are handled by our in-house team of expert developers working in UK and India offices.
- Serverless360 SaaS user interface is built using Angular 6. All heavy lifting is done via the API.
- Authentication mode can be chosen between Basic mode (email & password) or Azure Active Directory mode. The choice can be made at the time of sign up.
- Serverless360 SaaS is entirely hosted on Microsoft Azure in West Europe.
- In Serverless360 SaaS, for databases – we maintain customer data in Azure SQL elastic pool, wherein each customer has a separate database.
- No access to the database is possible from the outside web – it resides within a private subnet on Microsoft Azure.
- All data is encrypted in transit – for both the API and the UI.
- We use Serverless360 for real-time alarms, alerts, and monitoring.
- We auto-scale our app services and cloud services based on the CPU usage and processor load.
User support and billing
- We use a helpdesk platform called Intercom to offer online ticketing.
- Support tickets can be created by emailing us and within the client UI.
- Depending upon the complexity and severity of the issue reported, we assign 2nd or 3rd level support engineers.
- Our billing is run via a vendor called Chargebee and use Stripe to verify Credit card validity. They are PCI DSS Level 1 Compliant. We never store any billing information on our side.
- As part of our support, we offer phone/web call support and/or live-chat support inside the client UI.
Release management and automated testing
- Visual Studio Team Foundation Service is used, along with feature branches to ensure clean merges of code.
- We employ strict QA and CICD pipeline for all commits.
- Our releases go through a manual QA process on a staging environment before being released on production.
- We automatically capture exceptions and issues and stores it in Azure Table Storage.
Serverless360 supports browsers that use modern versions (1.2 and 1.3) of the TLS protocol. The minimum browser versions required to use Serverless360 application are as follows:
- IE7 on Windows Vista
- Google Chrome on Windows Vista or OS X 10.5.7
- Mozilla Firefox 2.0
- Opera 8.0 (with TLS 1.1 enabled)