Data Management You Can Trust

We’ve implemented industry best practices to ensure your data is always in safe hands

Security Update

What is the Log4j vulnerability (CVE-2021-44228) ?

Log4shell (CVE-2021-44228) is a critical vulnerability identified in the Apache Log4j Java library on Thursday, December 9, 2021. A widely used logging tool, Log4j is used to collect information across thousands of apps and services on the internet. This vulnerability allows attackers to execute code remotely and target computer systems exposing them to data theft and malware.

Are EZO Products affected by Log4shell?

EZO Products do not use Log4j. We have fully investigated our technology stack and can confirm that EZO Products are  not impacted. We will continue to monitor potential security vulnerabilities to proactively mitigate risk if identified.

CSA STAR Level 1

EZO is CSA STAR Level 1 certified. The Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by cloud computing offerings. STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Matrix (CCM). As part of the CSA STAR Registry, we can show current and potential customers our full security and compliance posture, including the regulations, standards, and frameworks that we adhere to. To view our STAR registry listing, click here.

SOC 2 Compliance

We are Service Organization Controls (SOC) 2 compliant, based on an  audit against the Trust Services Principles and Criteria (TSP) of the American Institute of Chartered Public Accountants (AICPA). The AICPA SOC 2 Type 2 report gives assurance with regards to the security, availability, processing integrity, confidentiality, and privacy of information and data systems directly owned, managed and controlled by EZO. Additionally, SOC 2 compliance ensures transparency and provides a level of trust to our customers on security controls implemented to safeguard customer data on all control environments pertaining to retrieval, storage, processing, and transfer of data. To request EZO’s SOC 2 Type 2 report, please reach out to support@ezo.io.

ISO 27001 Certification

EZO is certified by Resource Inspection Canada Incorporated (RICI) for ISO/IEC 27001 compliance. RICI is a Certification Body associated with the International Accreditation Service (IAS) in the US and is geared towards exceeding customer satisfaction in the fields of ISO Management Training, Auditing, Inspections, Testing, and Certification. The ISO/IEC 27001 is one of the most widely acknowledged information security standards worldwide, outlining best practices to secure the confidentiality, integrity, and availability of information in a company. ISO/IEC 27001 outlines and provides the requirements for an information security management system (ISMS), specifies a set of best industry practices, and details the security controls that can help manage information risks. As an ISO 27001 certified company, EZO is able to easily detect, monitor, and eliminate any potential information security risks - particularly as they relate to rental management, access control, and classification policies.

GDPR Compliant

With our GDPR compliance in place, ’European customers can have added trust in the privacy of the data made available to us. Additionally, customers themselves can adhere to impregnable data protection standards just by using us to track their inventory and rental assets. This means that not only are EZO Products  GDPR compliant, but we also enable our customers (as Data Controllers) to become GDPR compliant. This is the result of our new functionality relating to data security and consent offered in each EZO Product.

Hosted on Amazon Web Services

All EZO Products are hosted  on Amazon Web Services (AWS). The AWS is ranked as one of the world’s best cloud computing services and stores information of some of the largest global enterprises. To this end, it has robust controls in place to ensure security and data protection in the cloud. The AWS IT infrastructure is therefore developed and managed in agreement with security best practices and a variety of IT security standards. For an overview of the security processes in place at AWS, read more about AWS Security Whitepapers here

Additional Security Measures

EZO continues to make data security a priority. Here are some of our additional security measures:

• All the data we process is encrypted using the AES-256 encryption specification.

• We execute penetration testing every six months to detect potential security vulnerabilities.

• Our internal and external integrations rely heavily on authentication/authorization protocols.

• Our Enterprise Private Cloud option ensures your enterprise’s data is kept on a separate server instance.

Have Questions?

Reach out to us at support@ezo.io

Get in touch

Learn more about our solutions or just say hello.