Enterprise-Grade Data Security

Yes. Dozuki’s secure API makes it easy to integrate with other systems. View our full API documentation here.

Yes. You can leverage Single Sign-On (SSO) which will allow your users to sign-in using your company’s existing authentication system. View our SSO documentation here. Keep in mind, if you use SSO, we do not store or have access to user passwords for support purposes.

Yes. You can specify a time after which your users will automatically be logged out.

Yes.

Dozuki can help you with achieving compliance with ISO, ITAR, AS, FDA 21 CFR, and many others. If there are specific certifications you are looking to achieve or maintain, please contact us for more information on how we can help.

You do. Dozuki has no ownership over your site’s content.

No. We only request access in extremely rare instances of critical bug fixes and will always ask your permission first.

Yes. Backups occur automatically, roughly every 15 minutes.

If you decide to discontinue use of Dozuki, after 30 days we will securely delete and wipe any data kept in your site. Upon request we will provide you with a standardized oManual (http://omanual.org, IEEE standard 1874) export of all of your site’s content.

We maintain backup copies dating back two years.

Amazon Web Services (AWS) EC2.

• US West Region
• US East Region

AWS’ cloud infrastructure is designed and managed to comply with the strictest regulations, standards, and best-practices including:

• HIPAA
• ITAR
• FIPS 140-2
• ISO 27001
• SOC 1/SSAE 16/ISAE 3402 (formerly SAS70)
• SOC 2
• SOC 3
• PCI DSS
• Level 1 FedRAMP(SM)
• DIACAP and FISMA
• CSA
• MPAA

For additional information on AWS:

• AWS Compliance
• AWS penetration testing
• AWS security resources

Yes. Your Dozuki instance can be hosted on ITAR compliant servers, as approved by the Department of Defense (DoD).

• For standard Dozuki hosted sites — 128AES encryption. 
• For CloudPrem customers — 256AES encryption.
• For OnPrem customers the encryption method is your choice.

All passwords, credentials, and payment information are encrypted; we never store these in plain text.

• Passwords are encrypted with bcrypt, and each one has a unique salt.
• Third party keys are encrypted using AES-128-CBC and contain a SHA256 HMAC to verify the ciphertext's integrity.
• Payment information is encrypted with 3DES-ECB.

• AWS Security Groups and Access Control Lists allow us to keep a very small amount of ports open on the small number of machines that need to be accessed externally. View the AWS documentation for more information.
• In order to handle large amounts of traffic faster, we dynamically inspect all traffic by caching results directly instead of having to make multiple calls for each user loading a page.
• We also deploy numerous monitoring systems which directly alert our response teams at the earliest sign of an issue.

• Standard customer support hours are Monday-Friday 8:00AM - 6:00PM PDT.
• Extended customer support is available for our Enterprise subscribers.

Over the previous 365 days, Dozuki has experienced 99.999% uptime.

• Chrome
• Firefox
• Internet Explorer 11
• Edge
• Opera
• Safari

Yes. If due to compliance requirements your systems must pass validation when updates are released, both our OnPrem and CloudPrem solutions support validation.

Yes. To offload the validation burden from our customers Dozuki provides validation services for our CloudPrem and OnPrem subscribers. 

Dozuki provides a complete validation package for each release, including a validation project plan, requirements documents, a test protocol, Infrastructure Qualification (IQ), Operational Qualification (OQ), traceability matrices, and a validation summary report.