RampedUp manages hundreds of millions of contacts and company records so data security is our top priority. The purpose of this Policy is to safeguard information belonging to RampedUp and its stakeholder (third parties, clients or customers and the general public), within a secure environment. This Policy informs RampedUp’s staff, customer, and business partners entitled to use RampedUp facilities, of the principles governing the holding, use and disposal of information. It is the goal of RampedUp that:

• Information will be protected against unauthorized access or misuse.
• Confidentiality of information will be secured.
• Integrity of information will be maintained.
• Availability of information / information systems is maintained for service delivery.
• Business continuity planning processes will be maintained.
• Regulatory, contractual and legal requirements will be complied with.
• Physical, logical, environmental and communications security will be maintained.
• Infringement of this Policy may result in disciplinary action or criminal prosecution.
• When information is no longer of use, it is disposed of in a suitable manner. 
• All information security incidents will be reported to the CEO, and investigated through the appropriate management channel.

RampedUp requires all users to exercise a duty of care in relation to the operation and use of its information systems. With the exception of information published for public consumption, all users of RampedUp information systems must be formally authorized by appointment as a member of staff or by other process specifically authorized by the CEO. Authorized users will be in possession of a unique user identity. Authorized users do not know any password associated with a user’s identity by design.

RampedUp Provides 4 levels of user

• System Administration – RampedUp personnel only – with access to all customer, partner, and user data
• Partner Administration – RampedUp personnel and Partner personnel – with access to specific partner data
• Instance Administration – RampedUp, Partner personnel, and Customer admin – with access to specific customer data
• User – RampedUp personnel, Partner personnel, Customer admin, and customer users – with access to specific user data

RampedUp utilizes generally-accepted security measures (such as encryption) to protect against the misuse or unauthorized disclosure of any sensitive personal information you submit to us (such as log in information). Our customers are responsible for maintaining the security of their username and password. RampedUp employees do not have access to customers’ passwords. RampedUp Directors who are responsible for information systems are required to ensure that:

• Systems are adequately protected from unauthorized access.
• Systems are secured against theft and damage to a level that is cost effective.
• Data is maintained with a high degree of accuracy.
• Systems are used for their intended purpose and that procedures are in place to rectify discovered or notified misuse.
• Any electronic access logs are only retained for a justifiable period to ensure compliance with the data protection, investigatory powers and freedom of information acts.
• Any third parties entrusted with RampedUp data understand their responsibilities with respect to maintaining its security.

Duly authorized officers of RampedUp may access or monitor data contained in any RampedUp information system (mailboxes, web access logs, file-store etc). All employees must agree to the RampedUp Code of Conduct. Data security of RampedUp customers is based on the conduct, integrity and abilities of our employees. RampedUp expects all of its employees to share its commitment to high ethical and legal standards and to avoid any activities that could involve the Company or its colleagues in any real or perceived unethical, improper, or unlawful act. Our Code of Conduct Policy can be found here.

Individuals in breach of this policy are subject to disciplinary procedures at the instigation of the CEO with responsibility for the relevant information system, including referral to the local authorities where appropriate. RampedUp will take legal action to ensure that its information systems are not used by unauthorized persons.

Our employees must review and acknowledge the following documentation: Code of Conduct, Incident Response, Information Security Policy, Privacy Policy, and Terms of Use.

Customer may order from RampedUp licenses to access and use RampedUp’s proprietary software application to be hosted and made available by RampedUp as software-as-a-service basis, including any software and the RampedUp website located at rampedup.io (collectively, the “Service”). The specifics of each Customer order will be set forth on a written or electronic order form, quote and/or invoice (each, an “Order Form”) provided by RampedUp or made available on the RampedUp website.

Use of RampedUp’s systems will be lawful, honest and decent and shall have regard to the rights and sensitivities of other people. The detail of acceptable use areas may be found in the terms of usage All users must agree to terms of use to access the system.

Rampedup uses Amazon Web Services (AWS) and has strategically placed a limited number of access points to the cloud to allow for a more comprehensive monitoring of inbound and outbound communications and network traffic. These customer access points are called API endpoints, and they allow secure HTTP access (HTTPS), which allows you to establish a secure communication session with your storage or compute instances within AWS. To support customers with FIPS cryptographic Amazon Web Services, the SSL-terminating load balancers in AWS GovCloud (US) are FIPS 140-2-compliant. In addition,

AWS has implemented network devices that are dedicated to managing interfacing communications with Internet service providers (ISPs). AWS employs a redundant connection to more than one communication service at each Internet-facing edge of the AWS network. These connections each have dedicated network devices. Transmission Protection You can connect to an AWS access point via HTTP or HTTPS using Secure Sockets Layer (SSL), a cryptographic protocol that is designed to protect against eavesdropping, tampering, and message forgery.

For an Incident Response Plan to be effective, there are seven stages that need to be addressed. Proper execution of the response plan will require the efforts of various different departments within an organization. Detailing the roles and responsibilities of these individuals as well as creating precise guidelines for analyzing, reacting to, and controlling security violations.

• Preparation: The preparation step is critical. RampedUp Incident Response handlers are able to respond to cloud-specific events. Ensure logging is enabled using Amazon Elastic Compute Cloud (Amazon EC2), AWS CloudTrail, and VPC Flow Logs, collect and aggregate the logs centrally for correlation and analysis, and use AWS Key Management Service (KMS) to encrypt sensitive data at rest.
• Identification: Also known as Detection, RampedUp uses behavioral-based rules for identifying and detecting breaches, and we are notified about which user accounts and systems need “cleaning up.” We open up a case number with AWS Support for cross-validation.
• Containment: RampedUp uses AWS Command Line Interface (CLI) or software development kits for quick containment using pre-defined restrictive security groups. Save the current security group of the host or instance, then isolate the host using restrictive ingress and egress security group rules.
• Investigation: Once isolated, determine and analyze the correlation, threat, and timeline.
• Eradication: Secure wipe-files. Response times may be faster with automation. After secure wipe, delete any KMS data keys, if used.
• Recovery: Restore network access to original state.
• Follow-up: Verify deletion of data keys (if KMS was used), cross-validate with Amazon Support, and report findings and response actions.
• Monitor: We specifically monitor for this type of breach and test the Incident Response on a periodic basis.

Our RTO, or Recovery Time Objective, is 4 Hours. Our RPO, or Recovery Point Objective, is 24 Hours or time between data backups and the amount of data that could be lost in between backups. As a result of our testing and handling of an incident, RampedUp may change technologies, procedures, controls, and even business terms.

The privacy of your personal information is very important to us. This statement outlines what personal information RampedUp, LLC. (“RampedUp”) collects about you and how we use it in the RampedUp software, widgets, products and services, and our website located at www.rampedup.io (the “Site”) (collectively, the “Service”). If you have any questions or concerns relating to privacy or security, please send an email to contact@rampedup.io

Our Privacy Policy can be found here