Security and Governance

Defined Security Policies

Defined Security Policies

Convene has documented security policies and procedures in place to ensure the confidentiality, availability, and integrity of the system. All employees are trained and oriented to strictly adhere to these policies.

Designated Security Team

Designated Security Team

Under the supervision of the Azeus Chief Security Officer, Convene has a security team assigned who is responsible for ensuring staff compliance with security policies and procedures, protecting customer data, and regularly reviewing the effectiveness of security policies and procedures.

Data Processing

Data Processing

Convene’s data processing procedures are compliant with the GDPR and are overseen by a Data Protection Officer.

Business Continuity Measures

Business Continuity Measures

Convene’s Business Continuity Plan ensures that support services operate continuously in order to serve all customers at all times.

  • Daily Automated Backups*
    Customer data is automatically backed up daily to ensure system integrity.
  • Availability Zones and Data Redundancy*
    Convene leverages AWS’ (Amazon Web Services) availability zones in its cloud infrastructure to restore services during disaster situations to ensure high reliability and availability. These data backups are copied to another AWS location within the same region and remain encrypted are stored using Amazon Web Services S3 (Simple Storage Service).
  • Disaster Recovery*
    The Convene System Team conducts annual Disaster Recovery drills to test and improve the Disaster Recovery plan so that the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are met.
Incident Management

Incident Management*

In line with the Incident Response Plan, Convene has an incident detection mechanism in place. Alerts are monitored 24/7 by the Support Team and are forwarded to the Systems Team for immediate resolution. A ticketing system is in place to provide a guided mechanism for tracking, handling, and documenting system incidents until closure. Users can report these via chat, email, or phone. In the event of a security incident, Azeus immediately notifies customers and remedies the situation to stop any further impact and to restore any lost customer data or information.

Vulnerability Management

Vulnerability Management

Convene’s servers regularly undergo several security tests and are hardened following security benchmarks from the Center for Internet Security.

  • Internal Security Testing and External Penetration Testing*
    The Convene infrastructure is regularly tested and scanned for vulnerabilities by the Convene Systems Team, and is subjected to external penetration testing by independent third parties. Customers may also request for a copy of the results or perform their own security testing and pass their findings to Convene.
  • Application Development
    Convene was designed, developed, and tested for vulnerabilities against the Open Web Application Security Project (OWASP) Top 10 and Common Vulnerabilities and Exposures program. Convene’s System Team works with the Security Team to perform scans immediately after every major release and implement patch management procedures for critical vulnerabilities (Example: Spectre 2018). The teams make sure that security is integrated into the software development lifecycle from development to production.
  • AWS Vulnerability Scans*
    Using a variety of scanning tools, AWS performs regular vulnerability scans on the host operating system, web application, and databases in the AWS environment. The AWS security teams are subscribed to news feeds for applicable vendor flaws, and also proactively monitor the vendor’s website and other relevant outlets for new patches.

    *Security Measures are for Convene Cloud Environments only.
Personnel Security

Personnel Security

All Convene employees are subject to criminal background checks and are bound by an agreement to uphold the company’s privacy policy and protect the confidentiality of customer data.

  • Security Awareness Training
    New staff members are required to undergo a security awareness training that discusses common security attacks, social engineering tactics, detection and prevention of attacks, and procedure for reporting.
  • Role-specific Security Training
    Convene developers and system engineers regularly undergo training so that they are updated on industry-standard security practices.
Return to Security Features

Experience Azeus Convene