Security at Dozuki

Enterprise-Grade Data Security

Trust Dozuki to keep your data secure and meet compliance requirements

Security is built into the fabric of our product, processes and infrastructure so you can rest easy knowing your proprietary data is safe and always available when you need it.

Dozuki takes extensive measures to: protect your proprietary data, maximize availability through redundancy, and provide systems that meet the most stringent administrative, technical, and physical security requirements.

SOC 2 Type 1 Compliant

Dozuki is compliant with Service Organization Control (SOC) 2 Type 1 from AICPA.

Our full SOC 2 Type 1 report is available (under NDA) to our existing and potential customers. Please contact your Account Manager directly or submit a request to our security team here.

Access Controls

Ensure that only the right people have access to your company’s information in Dozuki with features like single sign-on, IP whitelisting, auto-logout and more.

Local Hosting

Option to host Dozuki on your own servers, gives you full control over required security and update protocols. Leveraging your own hardware also allows you to run air gapped without an internet connection.

Data Protection

Information is backed up multiple times daily and 256-bit SSL data encryption between your browser and our servers adds an additional layer of in-transit protection.

Secure Physical Infrastructure

Our state-of-the art network is located in a secure data center. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means.

Secure Servers, Top to Bottom

Our servers run on a peer-audited, Linux-based open source stack. We update our servers frequently with the latest patches and run our entire network behind enterprise-grade firewalls. Our servers are scanned regularly by an independent third party security vendor.

Flexible Hosting

Dozuki can be hosted in different ways to meet your unique technical requirements: hosted in the cloud via our (or your) infrastructure, or hosted entirely on your local servers. Hosting Dozuki on your own servers gives you the ability to run Dozuki in an air-gapped environment to meet even the most strict network security policies.

Data Redundancy

We're fanatical about uptime. All servers have always-on backups. If one system goes down, another automatically replaces it. Data stored on Dozuki is redundantly housed in multiple physical locations and is frequently backed up using different location points.

Data Security

All data on Dozuki sites is encrypted at-rest using the Advanced Encryption Standard (AES) and in-transit security between your browser and our servers is always encrypted end-to-end by Secure Sockets Layer (SSL).

Frequently Asked Questions

Application Security

Can we connect Dozuki to our other systems (ERP, MES, etc.)?

Yes. Dozuki’s secure API makes it easy to integrate with other systems. View our full API documentation here.
Can we enforce our own internal password policy?

Yes. You can leverage Single Sign-On (SSO) which will allow your users to sign-in using your company’s existing authentication system. View our SSO documentation here. Keep in mind, if you use SSO, we do not store or have access to user passwords for support purposes.
Can our users be automatically logged out?

Yes. You can specify a time after which your users will automatically be logged out.
Do you support rate limiting on login attempts?

Yes.
Which industry-specific compliances can Dozuki help us achieve and maintain?

Dozuki can help you with achieving compliance with ISO, ITAR, AS, FDA 21 CFR, and many others. If there are specific certifications you are looking to achieve or maintain, please contact us for more information on how we can help.

Data Control

Who owns the data I put on my Dozuki site?

You do. Dozuki has no ownership over your site’s content.
Will Dozuki employees access our private content?

No. We only request access in extremely rare instances of critical bug fixes and will always ask your permission first.
Do you make backups of our data?

Yes. Backups occur automatically, roughly every 15 minutes.
What happens to our data if we stop using Dozuki?

If you decide to discontinue use of Dozuki, after 30 days we will securely delete and wipe any data kept in your site. Upon request we will provide you with a standardized oManual (http://omanual.org, IEEE standard 1874) export of all of your site’s content.
How long do you keep backups for?

We maintain backup copies dating back two years.

Hosting and Infrastructure

What servers do you host Dozuki on?
Amazon Web Services (AWS) EC2. AWS’ cloud infrastructure is designed and managed to comply with the strictest regulations, standards, and best-practices including:
- HIPAA
- ITAR
- FIPS 140-2
- ISO 27001
- SOC 1/SSAE 16/ISAE 3402 (formerly SAS70)
- SOC 2
- SOC 3
- PCI DSS
- Level 1 FedRAMP(SM)
- DIACAP and FISMA
- CSA
- MPAA
Can Dozuki be hosted on ITAR compliant servers or GovCloud, as approved by the Department of Defense?

Yes
What types of encryption does Dozuki use?
At-rest data encryption on Dozuki sites varies depending on the installation type you are using:
- For standard Dozuki hosted sites — 128AES encryption.
- For CloudPrem customers — 256AES encryption.
- For OnPrem customers the encryption method is your choice.
What type of firewalls do Dozuki use?

Due to the sensitive nature of this information, please contact us for more information.

Security at Dozuki

Enterprise-Grade Data Security

Trust Dozuki to keep your data secure and meet compliance requirements

SOC 2 Type 1 Compliant

Access Controls

Local Hosting

Data Protection

Secure Physical Infrastructure

Secure Servers, Top to Bottom

Flexible Hosting

Data Redundancy

Data Security

Frequently Asked Questions

Application Security

Can we connect Dozuki to our other systems (ERP, MES, etc.)?

Can we enforce our own internal password policy?

Can our users be automatically logged out?

Do you support rate limiting on login attempts?

Which industry-specific compliances can Dozuki help us achieve and maintain?

Data Control

Who owns the data I put on my Dozuki site?

Will Dozuki employees access our private content?

Do you make backups of our data?

What happens to our data if we stop using Dozuki?

How long do you keep backups for?

Hosting and Infrastructure

What servers do you host Dozuki on?

Can Dozuki be hosted on ITAR compliant servers or GovCloud, as approved by the Department of Defense?

What types of encryption does Dozuki use?

What type of firewalls do Dozuki use?

Have more questions about security in Dozuki, or want to learn more about how Dozuki can help your company?

Product

Resources

Company

Customer Ratings