Customer trust and data security are critical to everything we do at Marvia. Every day we ensure that our security is in line with industry standards and compliance requirements.
Single Sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials.
Marvia is a SaaS subscription accessible globally via a web browser. A strict roles system secures our solution. We enable permission levels within the tool to be set for users and groups. Permissions can be set to include:
Marvia enforces a password complexity standard and uses OpenSSL encryption and decryption to store credentials and sensitive data. The encryption algorithm is specified by the Advanced Encryption Standard (AES).
We have an uptime of 99.9% or higher.
Marvia's services and data are hosted in Amazon Web Services (AWS) facilities in Frankfurt (eu-central-1). All hosting and storage are 100% aligned with the restrictive EU data protection laws. AWS is renowned for rigorous security. For their hosting compliance, please visit AWS Amazon.
Marvia was built with disaster recovery in mind. All of our infrastructure and data are spread across 3 AWS availability zones and will continue to work should any one of those data centres fail.
All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from reaching our internal network.
On an application level, we produce audit logs for all activity. Our certified AWS hosting and security partner Webslice manages the server logs within AWS. All actions and activities in the Marvia application are logged in the database. Our database is backed up every 24 hours.
Access to customer data is limited to authorized employees who require it for their job. Marvia is served 100% over HTTPS. We have Single Sign-on (SSO) and strong password policies on Google, AWS and Marvia to ensure access to cloud services is protected.
All data sent to or from Marvia is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS/SSL only. SSL/TLS certificates are used to secure network communications and establish the identity of Marvia over the Internet as well as resources on private networks.
The SSL and TLS protocols use an X.509 certificate (SSL/TLS server certificate) to authenticate both the client and the back-end application. An X.509 certificate is a digital form of identification issued by a certificate authority (CA) and contains identification information, a validity period, a public key, a serial number, and the digital signature of the issuer.
Marvia uses third party security tools to scan for vulnerabilities continuously. Periodically we engage third-party security experts to perform detailed penetration tests on the Marvia application and infrastructure.
Marvia implements a protocol for handling security events which includes escalation procedures, rapid mitigation, and a post-mortem. All employees are informed of our policies.
In case of a 'critical incident' or 'security breach', Marvia will immediately inform its clients. Marvia will take all necessary steps to reduce the impact and prevent a recurrence.
All Marvia employees are obliged to work with up-to-date operating systems and software. Internal rules around a clean desk, clear screen, encrypted laptops, password managers, 2FA, mobile storage devices, and virus scanners are described in the Marvia Employee Handbook.
Marvia has a set of measures in place to guard the physical security of its employees and office. These are described in our internal security policy and are reviewed annually.
All employees complete Security and Awareness training annually.
Marvia has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
All employee contracts include a confidentiality agreement.
If you think you may have found a security vulnerability, please get in touch with our security team at email@example.com. Make sure you check out our responsible disclosure and bug bounty policy first.