Security

Commitment to Security and Privacy

At Athena Workflow, the security of your team and client information is a high priority for us. If you have any questions after reading this, or believe you have encountered an issue affecting security or privacy, please let us know by contacting us at [email protected].

PCI

We use Stripe for encrypting and processing credit card payments. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1, the most stringent level of certification available in the payments industry. For more information, refer to Security at Stripe

Sensitive Information

This refers to credit or debit card numbers, personal financial account information, Social Security numbers, passport numbers, driver’s license numbers or similar personal identifiers, racial or ethnic origin, physical or mental health condition or information, other employment, financial or health information, or information about individuals under the age of 16.

Subscribers provide payment information including credit card information, which is stored with a PCI-Compliant processor.

Third Parties

Athena Workflow relies on a number of third-party systems and components to serve our customers, from a 3rd party CRM vendor in Sales to external hosting for our Application. All 3rd party tools are evaluated to ensure that they meet our security and privacy requirements.

Application Security

Hosting Infrastructure

Our application and all associated customer data is hosted in US data centers . These data centers have been certified to:

  • ISO 27001

  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)

  • FISMA Moderate

  • Sarbanes-Oxley (SOX)

To learn more about the Physical Security, Environmental Safeguards, Network Security, and Vulnerability Management of our hosting infrastructure.

Security Scanning

The Athena Workflow application receives annual security scans from Cigital to maintain its listing with Apps.com platform. These scans determine our application’s ability to resist common attack patterns and identifies vulnerable areas that may be exploited by a malicious user. Cigital determines that Athena Workflow security controls are effective in resisting common attack patterns like:

  • Input Validation Attacks

  • Confidentiality Attacks

  • Authorization Attacks

  • ​SQL Injection

All issues identified by the security scans are addressed as soon as practicably possible.

Backups & Disaster Recovery

Backups

Our data is continuously and automatically backed up. Backups are stored on physically separate systems and are tested regularly.

Disaster Recovery

Our hosting provider is designed for stability, mitigates common issues that can lead to outages, and can recover failed components.

Athena Workflow periodically tests our ability to redeploy our application in the event of catastrophic failure at current data centers.

Data Protections

Data in Transit

Athena Workflow supports TLS 1.2 for all client connections, when possible. For the most secure experience, make sure you are using the latest version of a TLS supported browser. Check your browser TLS compatibility using at SSLLabs.com.

Data at Rest

Data at rest is protected by AES-256, block-level storage encryption.

Development Practices

Athena Workflow designs all our internal and external systems with the security and privacy of customers in mind. All changes to infrastructure or applications are reviewed for security and privacy impacts. We monitor multiple channels of information and use various monitoring tools to evaluate the security of our systems. Any issues found in the Athena Workflow application is assessed, ranked for risk, then prioritized for mitigation.

Access to Customer Data

Athena Workflow employees are granted access to Customer Data when required to fulfill their duties, which includes everything from assisting customers with questions to evaluating the impact of changes on the system. All Athena Workflow employees undergo pre-employment background checks and are given frequent guidance on how to securely handle all customer data. All access is revoked when an employee leaves or is in a role that does not require access to Customer Data.

As a part of Athena Workflow standard procedures, we ask for permission before entering a customer account on their behalf and only make changes on customer request.

All Athena Workflow application access is logged. Our PCI-compliant payments process logs all access and changes to payment and billing related information.

Data Retention & Destruction

Athena Workflow retains all data for active customers. Customers are free to cancel their accounts at anytime and request the full deletion of their Athena Workflow data from our systems.

Our hosting provider uses techniques outlined in DoD 5220.22-M (“National Industrial Security Program Operating Manual “) or NIST 800-88 (“Guidelines for Media Sanitization”) to destroy data when deprovisioning resources, ensuring that our customer data is fully erased when no longer used.

Incident Notification

If Athena Workflow believes that a customer’s data has been accessed by unauthorized persons, we will notify impacted customers within 48 hours of discovery.

Solutions

Athena Workflow is practice management software that is also called client management software, accounting practice management software, or due date tracking software.

Athena Workflow is practice management software that is also called client management software, accounting practice management software, or due date tracking software.

Copyright Athena Workflow ™. All rights reserved. Questions? Email [email protected]

All content that appears on this website is owned, copyrighted, and owned or licensed by Athena Workflow ™. Any unauthorized use of trademarks or content on this website is strictly prohibited. All rights reserved.