Data Security


  • How is your data encrypted?  
    Pando encrypts data both at rest and in transit. For data at rest, Pando uses AES-256 keys managed in AWS to encrypt the data. For all data in transit, Pando uses TLS v1.2 over HTTPS to encrypt the data. 
     
  • How does Pando ensure secure integrations? 
    Depending on the use case, Pando may request and maintain an integration with a client’s ERP. This integration can be one-way (i.e. ERP to Pando, or Pando to ERP) or two-way. Pando ensures that all such access to data through APIs requires a role-based auth token and includes multi-factor authentication for critical business use cases. All integrations are done over HTTP/SFTP channels with support for mutual TLS (certificate-based client authentication). An audit log is maintained for all operations that happen in the application. 
     
  • How do we secure your data within our company? 
    Pando’s data policy is built on the principle that the client is the data controller, while Pando maintains and processes the data on the client’s behalf. Clients own the data and can modify security authorization, regulate access, and configure flows, while the Pando platform maintains secure access to all data held on the platform through encryption. All access to the data held on the system can be regulated only by the client. Pando and its employees do not have access to client data unless the client specifically grants it. 
     
  • How do we dispose of redundant data? 
    The Pando product and platform are GDPR compliant, and we follow industry standards on data handling. The scope of the Pando product does not necessitate the collection or maintenance of any user information. However, data pertinent to the client’s logistical operations, such as master data, shipment data, payments, and documents, is stored on Pando in line with the needs of the product and the client. All such data is maintained for a period of 2 years before being purged from the system. 
     
  • How is user access to the data handled? 
    Pando adheres to access management protocols and implements restrictions based on the principle of least privilege. Our employees and partners are required to follow internal data protection policies, receive training in personal data protection, and sign non-disclosure agreements. 
     
  • Are you ISO/SOC compliant? 
    Yes, Pando is ISO 27001:2013 certified. We accord importance to the data and handle it with utmost sensitivity. We are committed to maintaining the highest standards for security. We have implemented relevant security processes and undergone rigorous auditing to become officially certified as ISO 27001 compliant. This certification is a standardized auditing of how information security is managed, to ensure that your data is safe with us. We are also SOC 2 compliant. Please find our ISO and SOC certificates here. 

     

Data storage 


  • Where do we store your data?  
    Pando stores all data on servers provided by Amazon Web Services (AWS). AWS is the industry leader for cloud hosting and maintains secure data centres across the globe. Pando is multi-region enabled and supports hosting of client data in region of choice. Learn more about AWS here.  
     
  • How do we recover data? 
    Pando maintains a backup of all client data stored on the system. Backups are taken periodically as a contingency, at the following intervals: once every 6 hours, at the end of every day, every week (Monday), and every month (1st day of every month). Backups are retained for the following durations:  
    • Daily backup: retained for 7 days  
    • Weekly backup: retained for 4 weeks 
    • Monthly backup: retained for 12 months  
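As an added illustration (not Pando’s own code), the retention schedule above expressed as a pruning rule in Python. It assumes the Monday and first-of-month backups are the weekly and monthly copies, treats "retained for N" as an inclusive age limit, and leaves out the six-hourly snapshots, whose retention the FAQ does not state.

```python
from datetime import date

# Retention windows as stated in the FAQ.
DAILY_DAYS = 7        # daily backup: retained for 7 days
WEEKLY_DAYS = 4 * 7   # weekly backup: retained for 4 weeks
MONTHLY_MONTHS = 12   # monthly backup: retained for 12 months


def months_between(older: date, newer: date) -> int:
    """Whole calendar months from `older` to `newer` (day of month ignored)."""
    return (newer.year - older.year) * 12 + (newer.month - older.month)


def tiers_of(backup_day: date) -> set:
    """Which retention tiers a backup taken on `backup_day` belongs to.

    Assumption (not stated by the FAQ): the end-of-day backup taken on a
    Monday doubles as the weekly copy, and the one taken on the 1st of the
    month doubles as the monthly copy.
    """
    tiers = {"daily"}
    if backup_day.weekday() == 0:      # Monday
        tiers.add("weekly")
    if backup_day.day == 1:            # 1st of the month
        tiers.add("monthly")
    return tiers


def is_retained(backup_day: date, today: date) -> bool:
    """True if a backup from `backup_day` is still inside some retention window."""
    age_days = (today - backup_day).days
    if age_days < 0:                   # future-dated entry: never valid
        return False
    tiers = tiers_of(backup_day)
    if age_days <= DAILY_DAYS:
        return True
    if "weekly" in tiers and age_days <= WEEKLY_DAYS:
        return True
    if "monthly" in tiers and months_between(backup_day, today) <= MONTHLY_MONTHS:
        return True
    return False


def prune(backup_days, today: date):
    """Split a backup catalogue into (keep, drop), each sorted by date."""
    keep = sorted(d for d in backup_days if is_retained(d, today))
    drop = sorted(d for d in backup_days if not is_retained(d, today))
    return keep, drop
```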
       
  • Is on-premise deployment possible?  
    With an emphasis on scalability, security, and ease of access, Pando offers a cloud-based platform that is robust and can be scaled up in functionality as your organization grows. As a fast-growing product with a value promise that is tech-driven, Pando relies on regular and timely updates to the product which are best achieved through cloud-based products. It also leverages the flexibility of a cloud-native solution that is easy to implement and modify. To provide this standard of service to all clients across geographies, Pando is offered as a cloud-only product and does not support on-premise deployment. 
     
  • Is deployment to a different cloud infrastructure or region possible? 
    As a standard offering, Pando is hosted on AWS and maintained for customers on the same platform. AWS is the platform of choice for most businesses, and hence Pando is deployed on that service. For clients that request deployment to an alternate cloud platform such as Azure or Google Cloud, Pando is multi-cloud enabled and can be deployed to either platform. However, such requests are considered on a case-by-case basis and additional charges may apply. 

 
Code integrity 


  • How do we secure code integrity? 
    Pando maintains all of its code in a private GitHub repository and follows secure access policies governing which internal teams may access code repositories. In the event of a code change, an extensive review is done on both the front end and the back end to check for and address breakages. Every commit is vetted and approved by senior engineers. Our team employs a thorough automated testing regimen that includes unit tests and integration tests. We also employ manual testing to check for code sanity and for security shortcomings. Our product is also subject to regular penetration testing and audits by an independent third party to evaluate its security and keep it ahead of emerging threats. 

For questions beyond the scope of this document, please contact us at support@pando.in