Q: Will Neptune’s proprietary data used for the PoC be stored encrypted on your cloud platform?
A: Yes, the PoC is conducted on our production servers, ensuring the same encryption and security measures as a full implementation. This also allows for a seamless transition from PoC to go-live, minimizing additional setup time.
Q: If yes, please indicate the encryption algorithm used, as well as the key length.
A: We use AES-256 encryption, with key management handled by Azure.
Q: If the service is contracted, will the rest of the data to be uploaded be stored in the same way as that provided for the PoC? If not, please specify.
A: Yes, the same encryption and storage logic used for the PoC will apply to all data uploaded if the service is contracted.
Q: Are backups stored encrypted? If yes, please indicate the encryption algorithm used, as well as the key length.
A: Yes, all backups are encrypted using AES-256. Azure handles the encryption process, ensuring security and compliance.
Q: Is all scoped data sent or received electronically encrypted in transit while outside the network? And inside the network?
A: Yes, all data transmissions are encrypted using HTTPS, ensuring secure communication both inside and outside the network.
Q: If yes, please indicate the encryption algorithm used, as well as the key length.
A: We use HTTPS with multiple ciphers to ensure secure data transmission.
Q: If HTTPS communications are used, please indicate the encryption protocol used in the transport layer (SSL, TLS, etc.) and version.
A: We use TLS 1.2 or higher for secure HTTPS communications.
Q: Do you use a Hardware Security Module (HSM) to manage encryption keys?
A: No, all encryption keys are managed by Microsoft, ensuring a secure and streamlined process.
Q: How are encryption keys stored, rotated, and destroyed to ensure security?
A: All encryption keys are managed by Microsoft, following industry best practices for storage, rotation, and disposal.
Q: Are cryptographic modules certified (e.g., FIPS 140-2 or equivalent)?
A: Yes, managed keys are FIPS 140-2 Level 3 compliant.
