Security & Compliance

For real-time updates on service availability and operational status, visit our dedicated status page. We maintain transparency about system health and promptly communicate any incidents here.

DecisionRules leverages Amazon Web Services (AWS) as our cloud service provider. We offer data hosting across multiple regions including the United States and Europe, allowing you to choose where your data resides.

All systems receive time information from secure, authorized central time servers using Amazon Time Sync Service. This NTP-based service uses redundant satellite-connected and atomic clocks to deliver highly accurate time references with automatic leap second handling.

DecisionRules maintains documented incident response procedures to ensure rapid detection, containment, and resolution of security events. Our team is trained to respond effectively to potential threats.

We maintain a proactive vulnerability management process. All DecisionRules Docker images are automatically scanned using Trivy. Identified vulnerabilities are remediated within a maximum 14-day resolution period.

Annual penetration tests are performed by independent security contractors to identify and address potential vulnerabilities before they can be exploited.

DecisionRules provides comprehensive audit logging capabilities, enabling you to track all changes and access to your business rules for compliance and forensic purposes.

Protect your account with two-factor authentication (2FA), adding an extra layer of security beyond passwords.

DecisionRules supports the principle of least privilege through configurable access roles. The platform provides four default user roles (Admin, Editor, Reader) with the ability to create custom roles tailored to your organization's needs.

Integrate DecisionRules with your existing identity provider for seamless and secure authentication across your organization.

DecisionRules ensures data security with robust backup strategies. All data is stored in MongoDB Atlas with automated backup procedures to protect against data loss.

All databases are encrypted using cloud provider-managed keys, ensuring your data remains protected even at the storage level.

TLS encryption is enforced across all communication layers within the application, protecting data as it moves between systems.

DecisionRules is committed to GDPR compliance and protecting the privacy rights of individuals within the European Union.

DecisionRules has appointed Petr Lev as Data Protection Officer, responsible for advising and monitoring our compliance with GDPR and relevant internal policies.