Security, Compliance, and SLA
Sixth Force’s cloud products have all the necessary security compliance to guarantee that they pass your organization’s security audits.
Independent Auditors continually check the cloud offerings for compliance, security, and privacy;
- 100% Compliance with AWS Foundational Security Best Practices
- 100% Compliance with CIS AWS Foundations Benchmark
- 100% Compliant with SOC2 Type 2
- 100% VPC Compliance for Cloud Infrastructure
AWS Cloud is compliant with the following:
- CSA - Cloud Security Alliance Controls
- ISO 9001 - Global Quality Standard
- ISO 27001 - Security Management Controls
- ISO 27017 - Cloud Specific Controls
- ISO 27018 - Personal Data Protection
- PCI DSS Level 1 - Payment Card Standards
- SOC 1 - Audit Controls Report
- SOC 2 - Security, Availability, & Confidentiality Report
- SOC 3 - General Controls Report
- General Data Protection Regulation. Learn more here.
Learn more about compliance programs here.
AWS Application Server
AWS will use commercially reasonable efforts to make the Included Services each available for each AWS region with a Monthly Uptime Percentage of at least 99.99%.
AWS Database Server
We use single-AZ instances by default which are not covered by AWS SLA.
But Multi-AZ database servers can be availed on demand to get them covered under the SLA.
AWS will use commercially reasonable efforts to make Multi-AZ instances available with a Monthly Uptime Percentage of at least 99.95% during any monthly billing cycle.
Cloud Solution Provider
Our SLA can be found in this End-User Licenses Agreement.
Following are the default measures taken by us:
- Data-at-rest encryption
- Data-at-transit encryption
- 100% Compliance to AWS Foundational Security Best Practices
- 100% Compliance to CIS AWS Foundations Benchmark
There are additional Security features are available as part of the Security-optimized option
AWS Site-to-Site VPN creates encrypted tunnels between your network and your Amazon Virtual Private Clouds or AWS Transit Gateways.
With AWS Site-to-Site VPN, you can connect to an Amazon VPC or AWS Transit Gateway the same way you connect to your on-premises servers.
What are the pre-requisites to setup S2S VPN?
- Network Firewall IP (Public IP).
- Network Firewall CIDR block.
- Vendor, Platform, Software details to download the Site-to-Site VPN configuration file.
Web Application Firewall
AWS Web Application Firewall service lets you filter web traffic with custom rules. Rules are a set of conditions with predefined access control list actions (Block/Allow/Count). Every web request must match all the conditions in the Rule for AWS WAF to allow or block requests. It can block malicious requests and can also monitor and tune your web applications.
How load balancers provide security?
AWS Load Balancer is very secure because it works with Amazon Virtual Private Cloud and provides many robust security features, including integrated certificate management, user-authentication, and SSL/TLS decryption.
Using Amazon Virtual Private Cloud (Amazon VPC), we can to create and manage security groups associated with load balancers to provide additional networking and security options.
AWS Foundational Security Best Practices
AWS Foundational Security Best Practices is a security standard that implements security controls to detect when the AWS accounts and deployed resources do not align with the security best practices defined by AWS security experts.
By enabling this standard, we monitor our security posture to ensure that we are using AWS security best practices. These controls closely align to the Top 10 Security Best Practices outlined by AWS Chief Information Security Office, Stephen Schmidt, at AWS re:Invent 2019.
CIS AWS Foundations Benchmark
The CIS Security Benchmarks program provides well-defined, unbiased, consensus-based industry best practices to help organizations assess and improve their security.
The CIS AWS Foundations Benchmark is used for evaluating an organization’s security posture.
Security Audit Report of Prolaborate
Please email Support[at]prolaborate[dot]com to request the security report.