Protecting your data is our #1 Priority
Spanning is committed to the security of the data you process with us. We have created our systems from the ground up based on security and data protection best practices. Spanning Backup employs multiple layers of operation and physical security to ensure the integrity and safety of your data, including:
SOC 2 Compliance
Spanning has achieved SOC 2 Type II certification, signifying rigorous evaluation and adherence to internal operational, technical controls, IT processes, and trust services principles.
Application-Level Authentication
To access SaaS systems, Spanning uses the OAuth 2.0 protocol, which provides more secure authentication compared to traditional service accounts and passwords.
Strong Encryption
Data at rest is protected with 256-bit AES object-level encryption, using unique, randomly generated encryption keys for each object. Additionally, a rotating master key secures these unique keys. Data in transit is safeguarded with Transport Layer Security (TLS) encryption
Intrusion Detection
Spanning employs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting, and active response to guard against system intrusions.
Compartmentalized Access
Access to production servers is restricted to specific Spanning employees with essential operational roles, and changes to access control lists are auditable
HIPAA Compliance
Spanning’s services are hosted in HIPAA-compliant data centers, catering to the specific needs of healthcare-related data handling.
Membership in Cloud Security Alliance
As a member of the Cloud Security Alliance, Spanning aligns with best practices in cloud security and computing.
Third-Party Certifications and Audits
Spanning operates within the Amazon Web Services cloud, which has ISO 27001 certification and has completed SAS-70 Type II audits, ensuring high standards of data security and compliance.
Privacy and Security Certifications
Spanning Backup has earned certifications such as BBB EU PRIVACY SHIELD and is compliant with the US-EU and Swiss-US Privacy Shield frameworks. It also complies with the General Data Protection Regulation (GDPR).