
Security

 

At Action1, we care about your data and its integrity. As a company, we are committed to providing a secure endpoint management solution for our customers. We employ the latest data protection technologies and stay continuously compliant with modern standards and regulations. Our experienced team of engineers has established round-the-clock security auditing and monitoring to provide the highest level of protection for our users. To prove all of this, we went through extensive multi-month audits by independent auditors for both the SOC 2 Type II and ISO/IEC 27001:2022 standards. You can obtain the auditor reports by contacting your Action1 representative.

 

Data Encryption and App Security

The endpoints connected to the Action1 Cloud communicate through a secure channel. We use 2048 RSA private keys for end-to-end encryption. The key exchange eliminates the chances of your data being stolen while in transit and guarantees the integrity and authenticity of your data. For each Action1 account, we generate a private key and embed it in the Action1 Deployer and agent installers. No one besides you has access to your private key or can leverage it to access your data.

 

Multi-Factor Authentication

Besides restricting unencrypted access to the Action1 web console, we enforce two-factor authentication for all our users. Multi-factor authentication is an effective way to secure user accounts and access to data, since it adds an extra verification step to your sign-in procedure. Action1 recommends using an authentication app such as Google Authenticator, Twilio Authy, Duo Mobile, or Microsoft Authenticator. Alternatively, you can use email-based MFA by entering a unique one-off code sent to your email. Access to Action1 resources via API is secured with the OAuth 2.0 protocol.

 

Compliance and Security Regulations

In addition to being certified by independent auditors for SOC 2 Type II and ISO/IEC 27001:2022 as a cloud service provider, we follow the industry best practices related to data security, such as PCI DSS, SOX, HIPAA, GDPR, and NIST. We have set up ongoing monitoring and enforce the least privilege model, meaning that Action1 employees have limited access to corporate resources and client data. No one has access to your Action1 account and data unless you explicitly allow it. We care about your privacy and are always on guard, protecting your data even when it goes beyond what the standards prescribe.

Action1 is built on top of Amazon Web Services (AWS), which is SOC 2, ISO 27001, and FedRAMP compliant. For more information about Amazon security controls and regulations, please refer to AWS Compliance Programs and AWS Cloud Security.

 

What You Can Do to Help Us Protect Your Data

To protect your data from unauthorized access, we recommend you follow these security guidelines:

  • Always lock your computer when leaving your desk and make sure it’s password-protected. Enforcing a strong password policy is also a good option.
  • Prefer app-based multi-factor authentication over email-based.
  • Use the latest anti-virus and malware protection software, and regularly install security updates and patches. You can identify missing updates with Action1 and set up automated patch management. For more information, see Create Patch Management Policy.
  • If you are a Managed Service Provider or take care of an independent department, create Organizations within your Action1 account to separate endpoints and enable access to them based on the organization. For more information, see Multi-Tenancy for MSPs and Enterprises.

Status

We value transparency, so you can quickly find relevant information on the corresponding status page in case of unscheduled downtime:

Should you have more questions, don’t hesitate to contact our technical support.