Accessibility or Data Protection? We deliver both.
Orderhive keeps all your data secure and handy
Secured access to your data from anywhere in the world via mobile devices, tablets, or a computer.
Orderhive is SOC1 Certified
Orderhive has a SOC1 Type I report. Our SOC 1 report attests to the controls we have in place governing the availability, confidentiality and security of customer data as they map to Trust Service Principles (TSPs) established by the American Institute of Certified Public Accountants (AICPA).
Application Security
In-Transit Encryption
Sessions between you and your Orderhive application are protected with in-transit encryption using 256-bit or better keys and TLS 1.0 or above. Users with modern browsers will use TLS 1.2 or 1.3.
Web Application and Network Firewalls
Orderhive monitors potential attacks with several tools, including a web application firewall and network-level firewalling. In addition, Orderhive includes Distributed Denial of Service (DDoS) prevention defenses to help protect your Orderhive.
Software Development Lifecycle (SDLC) Security
Orderhive implements static code analysis tools and human review processes in order to ensure consistent quality in our software development practices.
Data Center Protections
Physical Security
Orderhive products are hosted with cloud infrastructure providers with SOC2 Type II and ISO 27001 certifications, among others. The certified protections include dedicated security staff, strictly managed physical access control and video surveillance.
Network Isolation
Orderhive products are hosted in a private virtual cloud which allows us to isolate database and software applications from other resources.
Communications between Orderhive services are protected by using Virtual Private Networks and encrypted network protocols. Data is encrypted at rest to help protect against unauthorized access.
Software Security
Patch Management
Orderhive's patch management process identifies and addresses missing patches within the product infrastructure. Server-level instrumentation ensures tracked software packages use the appropriate versions.
Security Incident Response
Orderhive's security incident process flow and investigation data sources are pre-defined during recurring preparation activities and exercises, and are refined through investigation follow-ups. We use standard incident response process structures to ensure that the right steps are taken at the right time.
Audit, Vulnerability Assessment and Penetration Testing
Vulnerability Assessment
Orderhive tests for potential vulnerabilities on a recurring basis. We run static code analysis and infrastructure vulnerability scans.
Penetration Testing
Orderhive leverages third-party penetration testing firms several times a year to test the Orderhive products and product infrastructure.
External Audit & Certification
Orderhive has obtained a SOC 1 Type I report attesting to the excellence of its controls in the domains of security, availability, and confidentiality.
API Security
Security Tokens
All API requests must be signed using an access key ID and a secret access key, which is generated using a refresh token that expires after a certain amount of time.
Rate Limiting
External API calls require a developer account with Orderhive, which generates the Application ID. All external API calls require a combination of Application ID, access key ID and secret access key. A rate limit is strictly defined on all external API calls to prevent any security attacks.