The following is a policy document from Socialtext regarding data security and privacy practices for hosted data.
Socialtext treats the privacy of its customer data as its highest priority.
256-bit SSL encryption is standard - access any wiki using HTTPS. For customers that request it, all data communications with our servers may be set to require HTTPS access.
As a matter of policy, all customer data is treated as confidential, and routine systems administration tasks do not expose customer data to employees.
Socialtext customers control the level of privacy of their content. If a workspace is configured to be private, all access to that content requires password authentication. Only users who have been invited to that workspace by an administrator may access the workspace.
We use system transaction data to do capacity planning and systematic improvements to the Socialtext hosted service. We review log files to determine usage patterns.
All systems administration of the Socialtext servers is done through secured, encrypted communications (SSH). The number of employees with access to machines housing customer data is kept to a minimum.
All activity that affects customer data is logged, and those logs are periodically reviewed and scanned for anomalous behavior.
All Socialtext customer data is backed up nightly to off-site, geographically distributed secured data storage centers, where the data is available for restoration 24x7. The backup path is run over an encrypted link, and access to the backup data is strictly controlled.
All Socialtext customer data is housed on RAID arrays, which means that the failure of any one disk drive does not impact online operations and the failed drive can be replaced without extensive downtime.
All Socialtext data servers are run in hardened data centers with 24x7 engineering support, key-controlled access, power conditioning, backup power and HVAC.
Socialtext takes proactive steps to ensure the systems integrity of its running servers. Socialtext carefully monitors security alert services including those run by SANS and regularly applies required patches and upgrades.
Socialtext has a business continuity plan, including restoration of data and services in the case of disaster, and geographically distributed backup of customer data and source code.
The core Socialtext system is based on Socialtext Open, an open source product. Customers will be able to migrate to an open source version if necessary or desired. This reduces the risk to customers in case of interruption to Socialtext operations.
Page Last Updated: Dec 11 12:50pm by system-user@socialtext.net