Security
- Which application architecture, platforms and systems are used for DivvyHQ and how often/regularly are they patched?
- What is Divvy's auto logout time set to?
- Is there a role-based structure that is used to authorize access to the application?
- How is the DivvyHQ application implemented, and are connections between various components or tiers secure?
- How is customer data protected (authenticated and encrypted) in transit between the customer’s networks and DivvyHQ’s networks.
- How do you process and store payment/financial information?
- How are user credentials/data stored and protected?
- How are user authorizations/roles configured and maintained?
- How and where is your application hosted?
- Do you perform regular backups?
- Do you have security and training policies in place for DivvyHQ employees?
- DivvyHQ’s Essential Standard Requirements Areas