Yes! Rencore Governance was built from the start with the highest security standards in mind to comply with the requirements of our enterprise and government customers around the world.
The Rencore Governance infrastructure is hosted on Microsoft Azure and passes all regulatory compliance checks and security controls (Azure CIS 1.1.0, PCI DSS 3.2.1, SOC TSP, ISO 27001).
Rencore Governance is using a no-SQL database and therefore has no inherent risk of injection attacks on SQL-type databases. Your data can be hosted in any available Microsoft Azure datacenter.
All information is encrypted. Azure Storage Accounts have built-in support for encryption at rest, and in-transit. In addition to this, we add another layer of cryptographic AES 256-bit industry-standard encryption around the data before it is transmitted to the storage. All transmissions from the application to the end-user are SSL encrypted. All keys are securely stored in Azure Key Vault.
The application is automatically tested against OWASP issues ensuring resilience against those threats. The codebase is automatically scanned with vulnerability scanners and security analyzers during the build.
Rencore Governance uses Azure AD applications. Customers consent to these AAD apps to grant the Rencore Platform access to the data required to perform analysis and monitoring. Customers can at any point revoke the App-Only or Delegated permissions granted to our applications. Rencore never asks for or stores any usernames or passwords.
For more detailed security information about the various components and the measures that we take to ensure the safety of our customers’ data, please reach out to our team.