Trust center

Overview

At Anycloud, security is at the heart of everything we do. As specialists in data backup solutions, safeguarding your data is not just an added layer—it’s a fundamental part of our service. We’re committed to transparency and continuously improving our security measures. Learn about security and data protection measures, regular compliance checks, and availability of our cloud solutions.

Compliance

Distibutors

Audit logging

Logging and auditing mechanisms are in place to support forensic analysis and investigations.

Data security

Anycloud has implemented controls to help customers safeguard their accounts and data:
 
  • Data is encrypted both in transit and at rest.
  • Data retention are established and controlled by the end-customers
  • Password policies are enforced, with an option to enable multi-factor authentication (MFA).

Integrations

Access monitoring

Anycloud logs and monitors all access attempts to its company resources.

Backups

Anycloud has established a backup and recovery process. Customer backups retentions are defined by the end-customer

Data erasure & retention

Anycloud has established procesdures that ensures that departing customers data is deleted as according to the highest industry standards

Encryption-at-rest

Encryption at rest is in place utilizing industry standard algorithm AES-256.

Encryption-in-transit

Data transmission is secured using TLS 1.2, SHA-256 with RSA Encryption.

Code analysis

We utilize industry-recommended tools to ensure the development of secure code.

Subprocessors

The subprocessors are listed in the Data Processing Agreement (DPA).

Data breach notifications

Our DPA and ISAE 3000 audit report provides details on Anyclouds data breach response timelines

Data info system

Our DPA provides details on data stored by Anycloud services. This can include:

  • Customer’s customers’ first name, last name, phone number, email address, shipping and billing address.
  • Customer’s employees’ first name, last name, employment details such as job title, telephone number, business address and email address.
  • Any other Personal Data submitted by, sent to, or received by Customer, its end users and/or its Cloud Service Provider, via Service Provider’s Software.

The Anycloud service you are using will determine the information that is ingested.

Data access

Anycloud strictly monitors access to customer data and grants permissions only when necessary, ensuring that access is limited to the end-customer where the customer backup data is stored.

Logging

Logging and auditing is in place to assist with forensics and investigations

Password security

Please refer to Anycloud’s Information Security Policies (Summaries) document. This document provides summaries of Anycloud’s security policies within our Security and Privacy Program.

Status monitoring

BC / DR

Anycloud has a fully documented and tested Disaster Recovery and Business Continuity Plan. Testing is conducted at least annually to ensure its effectiveness.

Infrastructure Security

Anycloud has set up alarms and metrics in alignment with the Anycloud services. We leverage various tools and services to ensure continuous security monitoring. Additionally, VPN access and multi-factor authentication (MFA) are required to access the Anycloud infrastructure.

Separate Production Environment

Anycloud maintains completely separate production and development environments.

Disk encryption

Anycloud employee workstations have disk encryption enabled, and this is reviewed and validated at least annually.

Data loss prevention

Anycloud has implemented N1+1 redundancy for its storage systems, ensuring data consistency is maintained and stored across multiple locations.

Firewall

Firewalls are implemented in production environments where sensitive or confidential information is captured, processed, or stored.

Asset management practices

Anycloud Maintains a comprehensive inventory of production information assets and IT assets.

Employee training

Anycloud has implemented a security awareness program, requiring employees to participate in security and privacy training every six months.

Acceptable Use policy

Please refer to Anycloud’s Information Security Policies (Summaries) document. This document provides summaries of Anycloud’s security policies within our Security and Privacy Program.

Access control policy

Please refer to Anycloud’s Information Security Policies (Summaries) document. This document provides summaries of Anycloud’s security policies within our Security and Privacy Program.

Asset management policy

Please refer to Anycloud’s Information Security Policies (Summaries) document. This document provides summaries of Anycloud’s security policies within our Security and Privacy Program.

Quality SSL Labs

Anycloud monitors the quality of its SSL certificats.

Designated response personnel

In the event of security incidents, they are logged, tracked, and communicated to the relevant parties. The Incident Response team is responsible for managing and resolving these incidents in accordance with the established Incident Management Policy.

Incident reporting process

In the event of security incidents, they are logged, tracked, and communicated to the affected parties.

Pager service

On-Call personel are alerted to potential incidents through an automated pager system.

Data access/impact levels

Anycloud has implemented an information classification policy that defines data classifications and outlines the requirements for proper handling and labeling of information.

Risk assesment

Anycloud conducts risk assement and analasis at least annually.

Asset classicfication

Anycloud has implemented an Asset Management Policy that defines the process for managing assets throughout their entire lifecycle.

Asset inventories

Anycloud has an asset inventory in place that is reviewed at least annually.

Asset tracking

Anycloud tracks and manages all physical assets throughout their entire lifecycle.

Business Continuity plan (BCP)

Anycloud has a formal Business Continuity and Disaster Recovery Policy, along with a documented plan to ensure preparedness and resilience.

Contigency plan testing / Lessons learned

Anycloud conducts Business Continuity Plan (BCP) and Disaster Recovery (DR) tests at least once per year. Insights gained from these tests are integrated into the plans and supporting documentation.

Employee privacy training

Anycloud has implemented a security awareness program, requiring employees to participate in security and privacy training every six months.

Phishing Training

Phising training is part of the security awareness program, conducted every six months.

Role-based training

Role-based training is incorporated into the security awareness program to ensure tailored education based on specific job responsibilities.

Change management program

Change-management is implemented as part of the ISO 27001 ceritifcation.

Change restrictions

Only authorized personnel within the Infrastructure team, based on their job responsibilities, are permitted to promote changes to the production environment, ensuring that sensitive actions are restricted to qualified and appropriate staff.

Changes notification & verification

Changes must go through an approval process prior to being promoted to production, approved by the change manager.

Access monitoring

Anycloud logs and monitors all access attempts to company resources.

Alarms & surveillance

Anycloud services are hosted in IBM Cloud’s “secure by design” data centers. For more details on the security measures of IBM data centers, please visit: https://www.ibm.com/cloud/smartpapers/securing-data-in-the-cloud/.

Additionally, the Infrastructure Team has implemented extra monitoring for enhanced security.

Event & Audit log management

Logging is enabled to monitor activities such as administrative actions, logon attempts, changes to functions, security configurations, permissions, and roles. The infrastructure team is notified of any alerts, and issues are resolved following the Incident Management Policy.