Security

Security and reliability of the data hosted and processed on our platform are pillars of our business. We adopt strict development and information security standards to provide our clients with absolute peace of mind and confidence in serving their customers swiftly and efficiently.

Security at Atendo

Connectivity and Continuity

Our servers are hosted on Amazon Web Services, the world's largest cloud service provider, in audited data centers compliant with the most rigorous security and compliance standards in the market.

Data is replicated in different physically distant availability zones with distinct and redundant connections so that, in the event of a disaster, operations can continue from another physical point. We store daily backups with a documented and periodically tested process for the fastest possible recovery.

Encryption

All source and destination connections are end-to-end encrypted using the same technologies used by banks and financial institutions, ensuring that no intermediary can intercept or compromise your information.

In addition to encryption in transit, we have implemented additional measures to protect stored data. Data storage is encrypted at rest, preventing it from being retrieved after disposal. Customer databases are logically segregated, meaning your data and your customers' data are stored in separate databases.

Passwords and Access Credentials

Passwords and access credentials have additional protection mechanisms. Access to our internal systems is protected by multiple authentication factors. All passwords undergo complexity validation and are saved using a one-way encryption mechanism, making it impossible to reverse the process and discover the original password. We also use unique entropy per password, making attacks using pre-encrypted passwords unfeasible.

Security measures

Access credentials to systems are encrypted using a public-key and private-key mechanism, with the private key required for accessing information not available in external systems or publicly accessible.

Intrusion prevention

Our services are protected by intelligent firewall systems (WAF) and perimeter controls, providing additional protection against distributed denial-of-service (DDoS) attacks and other threats. We apply request limits based on the criticality of each endpoint, reducing the probability of brute-force attacks.

Our internal systems such as databases and queuing systems are isolated from the internet and only accessible within our virtual private network.

Secure Development

The development of a new functionality in Atendo undergoes a rigorous process of security and privacy impact assessment (security & privacy by design), always seeking ways to reduce or limit the collection and processing of necessary data. Before being released, system changes go through a change review, testing, and approval process.

Over 80% of the codebase is covered by automated tests, which help detect flaws before they reach the production system. We also utilize services that scan for vulnerabilities in both the code and any dependencies used.

Suppliers and Third Parties

We adopt a policy of rigorous evaluation regarding the security practices of our suppliers before initiating any relationship with them. This ensures that they adopt similar controls and measures to ensure the integrity, reliability, and security of information. You can find an up-to-date list of our data subprocessors in our list of data subprocessors.