Security is the heart of everything that we do.

GDPR, CCPA, ISO 27001, HIPAA, DSP Toolkit, and more.

Security from Day 1; The people who handle your data at 10to8

We follow the Principle of Least Privilege (PoLP).

Only 10to8 Customer Support staff can access your account data, and only in performing their duties following a request from you. This access is logged and audited. Our staff is unable to access your clients’ data at all.

10to8 staff complete mandatory data compliance training on their first day of work and are required to sign a Data Protection Agreement (DPA) before they start their duties. Data protection training is renewed annually.

User permissions; The people who handle your data at your enterprise

10to8’s enterprise scheduling platform enables you to assign different permission levels to each user so that your employees can only access and change what they need to.

10to8 can use your SSO Identity Provider (IdP) to securely authenticate the users on your account. We can use metadata from your IdP to grant permissions and access controls within 10to8. Your employees do not need to remember another password, and you can onboard and offboard staff members in a centralized place.

Passwords are stored encrypted and salted, and never in plain text.

Compliance at 10to8

10to8’s expert Compliance Team is always on top of the latest compliance updates and makes sure that our software supports the handling of sensitive data.

GDPR

10to8 complies with the EU and UK General Data Protection Regulations.

HIPAA

We provide tools to safely store medical data, the PHI of patients in the US, and can issue a signed Business Associate Agreement (BAA).

CCPA

Our software is fully compliant with the California Consumer Privacy Act.

PCI DSS

We maintain a secure payment processing environment and comply with the Payment Card Industry Data Security Standards.

DSP Toolkit

10to8 is listed on the NHS Data Security and Protection Toolkit under code 8KL47.

ISO 27001

10to8 has been certified by BSI to meet the International Information Security Standards and is registered under IS 705787.

Vulnerability scanning & penetration testing

10to8 is built to be secure from the foundations up, and this is tested automatically and continuously.

Our systems are subjected to automated vulnerability scanning on a weekly basis, and major items identified during these scans are acted upon immediately. 10to8’s systems also undergo manual penetration testing annually, by CREST Certified penetration test experts.

We are happy to send you our Security Whitepaper and more information upon request.

Safety first; Hosting, third-parties, encryption

Security and compliance are the heart of everything we do, and we only work with providers that follow the same ethos.

AWS Hosting

Our services are hosted in Amazon’s Secure Data Centers across multiple availability zones with warm-standbys to provide emergency backup systems. Backups are automated, isolated, and encrypted. Amazon’s data center operations have been accredited under ISO 27001, SOC 1, and SOC 2.

Third Parties

10to8 uses some third parties to provide its service, such as sending emails, SMS, and voice calls, and synchronizing calendars. All data in transit is encrypted. We audit all data that is shared with third parties annually, and we have GDPR-compliant Data Processing Agreements in place with all of them.

Encryption

All data is encrypted using the industry-standard AES-256 algorithm provided by Amazon’s RDS systems. 10to8 can only be accessed over HTTPS, with automatic HTTP redirects in place. 10to8’s HTTPS certificate uses a 2048-bit RSA key (SHA256withRSA), and the service supports TLS 1.2.

Contingency planning & disaster recovery

10to8 has Business Contingency Plans in place to restore 10to8 systems in case of catastrophic failures. These include Data Center failures, Database failures, and Server failures. These plans are tested and audited regularly.

Our systems are robust and reliable; our server uptime is 99.95%.