Security & privacy by design
Spencer respects customer data and business processes
As part of our design guidelines, we strive not to replicate or synchronise any customer data. Additionally, transactions with source systems (Systems of Record) preferably happen in real-time, ensuring both the data and the business logic remains under control of the customer.
Spencer keeps the customer in control
Spencer taps into the customer’s SSO setup, respecting all authentication and access management policies. Connections to the required Systems of Record are always made “on behalf of” the user, respecting that user’s existing access rights and permissions. Ultimately, Spencer leaves the customer in full control: of the systems Spencer can access (network and/or API access), of the employees that can access Spencer (IAM), and of the permissions each employee has in the respective systems (using “on behalf of”).
Any data transferred between the customer’s systems, Spencer’s back-end, and the Spencer client-side applications is encrypted through HTTPS/SSL. If Spencer stores data (eg. search index), the data at rest is isolated between customers, and encrypted using the latest FIPS 140-2 validated hardware security modules to generate and protect keys.
Performant & Safe hosting
The Spencer app runs on the Microsoft Azure Cloud Platform. These highly secure data centres have strict access and storage policies, ensuring no one can access your data. For European customers, the application is exclusively serviced through data centers located in the EU, to ensure GDPR compliance.
The Microsoft Azure Cloud Platform is ISO 27001:2013 certified for information security management and ISO 9001:2015 for quality management. Spencer is set up to protect your major IT systems with data backups and high availability thanks to Azure’s disaster recovery solution.
Service Level agreement
As part of our Product Agreement, customers can rely on a solid Service Level Agreement.
99% uptime guaranteed
Spencer is always on! Maintenance periods will be communicated upfront.
Designated callers will get access to our ticketing platform.
Employees and helpdesk personnel have access to our FAQ.
Depending on the impact, support requests are handled within a number of hours.
Customers get access to a hotline for technical and functional questions.
During business hours
Mon. – Fri. 8:00 AM – 6:00 PM CET