Information Security Policy
Data Centers
Transfennica's goal is to enable you to share your information through API's. Amongst others Transfennica collects your Data, stores it and indexes it. At all times do you, the Data Provider, keep full ownership of your Data. Protecting your Data and the Data of your customers is very important to us.
If this document does not answer your questions and you require more in-depth information about Transfennica's Information Security Policy, please do not hesitate to contact us via email (security at transfennica.com).
The Transfennica platform runs on the Microsoft Azure Cloud platform and therefore in Microsoft's data centers. Microsoft cloud services are audited at least annually against SOC 1 (SSAE18, ISAE 3402) and SOC 2 (AT Section 101) standards. More information is available on The Microsoft website.
The Transfennica platform deploys services on Microsoft Azure data centers in Western Europe (Tier 4) and on the Iron Mountain Amsterdam data center (Tier 3).
Misuse
Transfennica aims to be on the cutting edge of compliance and delivery. Live data can never be accessed by anonymous parties. A Data User can access Data only if granted that access by the Data Provider. Additionally, Transfennica closely monitors API usage and, if detecting an account with indications of suspicious activity, takes immediate action as appropriate for the specific case, such as suspension of access, contacting the Subscriber and/or contacting the Data Provider.
Application Security
Transfennica understands the importance of that software security. In addition to continuously scanning its code for vulnerabilities, Transfennica also:
Securely transfers all your Data and encrypts it at REST;
Is planning an independent penetration test in 2020, to be repeated annually;
Is preparing for ISO 27001 and 27002 certification.
If you identify a vulnerability in a Transfennica site or service, you can identify it to us via it.transfennica.com or email (security at transfennica.com).
Operational Security
Access to Transfennica systems and your Data is restricted only to those who need access in order to provide you maximum support. Transfennica maintains a strict separation between its development, test and production environments.
With its employees, contractors, and vendors working on its behalf, Transfennica has in place:
Signed confidentiality agreements;
Termination/access removal processes.
Security is the responsibility of everyone who works for Transfennica. Transfennica trains its employees to identify security risks.
Business Continuity/Disaster Recovery
By deploying its platform to Microsoft Azure Cloud platform, which has redundant and geographically separate data centers, Transfennica can provide you with consistent services. All service layers (ingestion, storage, processing, API management and identity management) are deployed with redundancy so as to allow for quick recovery in case a single data center goes down. The same applies to the Iron Mountain Amsterdam data center (Pleimuiden 21, 1046 AG, Amsterdam) which has full redundancy to our data center at the Amsterdam head office.
Privacy
You can review the Transfennica privacy policy on our website www.transfennica.com.