As part of Hexagon, we belong to the most technologically-advanced family of companies in the world, specializing in data capture from construction to mining applications, and serving private companies, in addition to cities and governments. We guard your privacy, and treat your data integrity and security as a top priority.
We take the privacy and security of your data very seriously. We know that you entrust us with valuable and potentially sensitive information pertaining to your construction projects, workplaces and sometimes even homes. Through a multi-tiered security model and by partnering with best-in-class technology providers, we do our utmost to ensure your peace of mind on issues of information security.
Privacy
Password Protection
All of our customers and staff access project information by way of a password protected web application. Strong password requirements and optional password expiry policies ensure password integrity. If a higher level of authentication security is required, we support enterprise level single sign on integrations.
Granular Permissions
Your project is visible only to those people on your project team that you choose to have a login issued to. Within a project, further granular permissions can segment content and features by user. And you have full control over who sees any content that you add to our system – share it with the whole project team if you like, keep it private to yourself, or somewhere in between.
Big Company – Small Teams
A fundamental tenet of information security is the ‘principle of least privilege’. This means limiting even our own staff privileges to those which are essential to their job function. Access to your project information is limited to local employees directly supporting the project along with a limited set of central Systems Administrators and Quality Auditors.
Application and Data Security
Data In Transit - TLS/SSL Encryption
All data in transit is secured with 256 bit SSL/TLS encryption with certificates issued by Amazon Web Services.
Data At Rest
Within our database, password data is hash and salt encrypted to impede brute force or reverse lookup attacks. Even our own admins have no means of decoding your password.
Data Centers and Hardware
Best Available Technology Partners
All of our processing and storage is hosted with Amazon Web Services (AWS) in regional data centers depending on franchise location. We have processing and storage in US (Ohio), Canada, UK and Australia. The above includes core MDS processing and database services as well as asset storage, asset backup and processing for some of our auxiliary services.
Data Center Security
All AWS data centers have extensive security measures in place including biometric access control and monitoring.
Compliance and Auditing
All data centers that Multivista employs meet multiple industry compliance standards. Independent auditors and organizations ensure that controls meet the strictest industry guidelines.
Data Protection
High Availability Infrastructure
Our web application runs in a load balanced, high availability cluster. Similarly, the database tier of our infrastructure is set up for automatic failover to a mirror in the event of a hardware failure.
Backup and Disaster Recovery
Disaster recovery planning means that you have thought about what would happen when the unthinkable happens. Multivista has contingency plans for failures ranging from component level, to system level to site level. In addition to database mirroring, full database backups are captured every evening and shipped offsite. With respect to photo and video data, multiple copies of each photo are saved within each file storage cluster. Furthermore, the storage clusters are mirrored between two geographically diverse datacenters to allow us to maintain business continuity in the event of a catastrophic event at a given data center.
Need More Information
If you need more information about Multivista's information security policies, please feel free to contact us at support@multivista.com. We have experience in filling out security questionnaires and are always happy to talk to your information security professionals directly.