Security and Compliance
Your data is safe with Yello. Yello is committed to ensuring the highest level of security to safeguard client information. Using a combination of technology, best practices and company-wide policies, Yello fosters a culture of security to protect your data. The team works with clients to understand compliance requirements and meet unique security needs.
Yello applications are hosted with primary and secondary SSAE-16 compliant facilities located and operated in the United States or EU.
Yello employs a dedicated, certified security team to ensure the security of operations through 24/7 monitoring of people, processes and technology. Activities include and are not limited to:
- Vulnerability scanning
- Penetration testing
- Secure coding practices
- Threat modeling
- Risk assessments
- Anti-virus scanning
Yello follows industry standards in regards to encryption. Data in transit and at rest Is encrypted using strong encryption methods (AES-256) to ensure data confidentiality and integrity.
Data is preserved with secure backups to an offsite location and is available for disaster recovery purposes. Testing of disaster recovery plans occurs annually.
Yello participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Yello is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles.
Yello integrates with SSO services that support SAML2.0
