Phone
+34 932 71 56 44 | Mon-Fri 8:00 a 20:00
Andy Security Questions and Answers
Do you have any questions about Andy’s security measures and protocols? Read on! This article has all the answers.
1. What is Andy's security policy?
Our security policy is based on secure design principles, implementing protective measures at all stages of software development and operation. This includes the use of encryption, access controls, and regular audits.
2. How is backup managed in Andy?
We perform daily backups of all our databases, which are stored in secure and offsite locations. Additionally, we use continuous backups to allow point-in-time recovery. Daily backups are retained for a period of 30 days.
3. What network security measures does Andy use?
We use AWS Virtual Private Cloud (VPC) to create isolated network environments, VPN authentication for changes to databases and applications, and access control lists (ACLs) to manage network traffic.
4. What is multi-factor authentication (MFA) and how is it implemented in Andy?
MFA is an authentication method that requires two or more forms of verification. In Andy, we use MFA to access critical resources, utilising physical devices and virtual MFA applications.
5. What encryption protocols are used in Andy?
Andy employs TLS (Transport Layer Security) to encrypt data in transit and AES (Advanced Encryption Standard) with 256-bit keys to encrypt data at rest.
6. How often are penetration tests conducted in Andy?
We conduct penetration tests regularly, at least annually, to identify and address vulnerabilities in our systems. These tests simulate real-world attacks to evaluate our security posture.
7. What measures are taken for secure development in Andy?
Our development process follows secure coding practices and regular security reviews. We integrate security at every stage of the software development lifecycle (SDLC), from design to deployment.
8. How does Andy respond to a security incident?
We have a structured incident response plan that includes the identification, containment, eradication, and recovery of incidents. Additionally, we maintain communication protocols to inform all relevant stakeholders.
9. How does Andy ensure GDPR compliance?
We comply with the General Data Protection Regulation (GDPR) by ensuring that personal data is processed lawfully, transparently, and for specific purposes. We also obtain user consent before data collection and promptly notify any data breaches.
10. How does Andy handle threat monitoring and detection?
We use advanced tools like AWS CloudWatch and AWS Security Hub for early detection of threats and malicious activities. These systems monitor and log all activities and changes in our AWS environment.
Any other questions? Doubts? Suggestions? Don’t hesitate to write our Customer Experience Team at help@andyapp.io.
Related Articles
What can I use the Logbook for in Andy?
TheAndy's Dietis an internal communication tool that helps you in multiple aspects of managing your establishment, as it allows you to more efficient and effective communication with your team. What can I use it for? Internal communication ...What can I use the Library for in Andy?
TheBookstoreean Andy tool where files can be stored in different formats such as: videos, photos and documents. Users have access, according to their role, to the information published inAndy Appand they can consult or download it when they need it. ...Connection parameters for Andy-compatible printers
Below are the parameters available for Andy-compatible printer models. Before proceeding with the table, it is advisable to take a look at the Andy-compatible models described in the article:Approved printers for tagging with Andy ?Model ?Platform ...What can I use Audits for in Andy?
TheAuditis a tool that makes it easier for us to know how our establishment is working. This gives us a result that allows us to check whether certain tasks are carried out correctly, emphasizing those that require greater attention, thus preventing ...What can I use Records for in Andy?
The tool ofrecordsallows the registration and document of point self-controls carried out in PCCs, allowing possible deviations and implement corrective measures immediately. What properties are there in records? They cancreate the recordsthat we ...
