Welcome to MindPro Security FAQs

Here you can find the most frequently asked questions from our clients and evaluators. 

 

Category

Question

Answer

Customer Data

Do you store customer data from the customer Atlassian instance?

A. Client data is encrypted following industry standards and stored in an AWS RDS database, which is encrypted using the AES-256 algorithm. In addition, the client’s sensitive fields (such as the client secret required for our Mindpro Sync app) are encrypted again with the same algorithm.

This database can be accessed only by the app itself, hosted on an AWS EC2 instance, or externally through the secured VPN.

Customer Data

What is the jurisdiction(s) of where this data is hosted?

A. The app's database is hosted in Amazon AWS RDS in Virginia (us-east-1), and the legal region is Brazil.

 

Sensitive Data

Is your application designed to access or store sensitive information? (For example: Credit card data, Personally Identifiable Information, Financial data).

A. No sensitive information is stored in our apps.

Security Policy

Do you have an Information Security Policy with supporting Standards and Procedures?

A. Yes, we enforce an Information Security Management System (ISMS) with Information Security Policies, Standards and other procedures. Customers can request a copy of this policy on demand.

Audits

Do you undertake audits or other reviews to ensure that security controls are being implemented?

A. Yes, we take a security-first approach while building and evolving our apps, and our development team performs daily peer code review sessions. Our Security & Compliance team performs proactive and recurrent vulnerability assessments against all our assets and infrastructure (using leading security tools). The same team performs weekly and monthly audits and risk assessments; all findings must be addressed and remediated.

Tools

What tools do you use to perform security audits?

A. Currently our security toolset is based on the following tools:

Notifying Atlassian

Do you have mechanisms to notify Atlassian in case of a security breach?

A. Yes, we have a proper incident response policy based on Atlassian's recommended security guidelines, and our Security & Compliance team is ready to cooperate with additional assistance and analysis.

Employee Access

Do your employees (e.g. developers or system administrators) have access to Atlassian customer data?

A. No, we do not store any personal or customer data.

Confidentiality

Are all personnel required to sign a Non-Disclosure Agreement (NDA) or Confidentiality Agreement (CA) as a condition of employment to protect customer information?

A. Yes, all our employees have to sign Confidentiality Agreements, Non-Disclosure Agreements, and our Information Security Policy.

Managing Security Vulnerabilities

How do you handle a security vulnerability identified in your code?

A. We adhere to all of the security requirements enforced by Atlassian for cloud apps, outlined in the "Security Bug Fix Policy For Marketplace

Disaster Recovery

Do you have Business Continuity and/or Disaster Recovery Plans?

A. Yes. Our infrastructure is cloud-based (Amazon AWS), and backups are performed every 7 days or less. We have failback redundancy for critical systems, such as the VPN.

Data Recovery

Do you have the capability to recover data for a specific customer in the case of a failure or data loss?

A. Yes, if any data is stored on our premises, we can restore up to 7 days, and snapshots are performed daily.

Need more info?

For security, privacy or other related questions: security@mindproapps.com