SECURE AND RELIABLE SERVICE

Keeping Turtl online

Your content is as important to us as it is to you. Our expert engineers work tirelessly to ensure that Turtl is accessible 24/7 across the globe.

Turtl uses industry-standard logging and monitoring to secure the health of our services, and we have redundancy in place across our infrastructure. The software is distributed across at least 3 data center availability zones and multiple failover instances are in place.

If something isn’t working as it should

If a situation arises that may impact your content or use of the tool in any way, you’ll be made aware of it by your Customer Success Manager, who will keep you continuously updated until the situation is resolved.

You can also check our status page: status.turtl.co

How we keep your data safe

We securely back up your data on a recurring basis and keep all backed-up data encrypted and stored with the same standards of security as live data.

Turtl encrypts data in transit – all sessions are protected with TLS v1.2+. Certificates are issued by Let’s Encrypt.

We use high-grade firewalls at various stages to help keep your data safe and protected from DDoS attacks.

You can use SSL (TLS) on your custom Turtl domain. Your Customer Success Manager can guide you through the setup.

Keeping Turtl secure

We take measures to ensure security is incorporated into every stage of our software development lifecycle.

All Turtl code is high quality from conception to deployment and is reviewed by a senior developer with specific reference to OWASP security principles.

We also conduct Dynamic Applications Security Testing (DAST) and Static Application Security Testing (SAST) are also conducted on a regular basis and before each major new revision.

Turtl is IS27001 certified with an external audit conducted annually.

Physical security protections

Turtl is hosted using Amazon Web Services, one of the world’s leading cloud providers. Access to these data centers is strictly controlled and monitored by security staff, tight access control, and video surveillance. AWS services are SOC 2 Type II and ISO 27001 certified and provide N+1 redundancy to all power, network, and HVAC services.

Audits, vulnerability assessment, and penetration testing

We test for potential vulnerabilities continuously in all layers of the technology stack and use best-practice scanning tools to protect infrastructure components.  Dynamic application scans, static code analysis, and infrastructure vulnerability scans are run on a regular basis.

Our code is regularly reviewed by members of our Ops Team for potential security weaknesses. We also use a Network Intrusion Detection System which constantly monitors activity to check for and flag anomalous behavior.

We bring in industry-respected 3rd party penetration testing firms twice a year to test Turtl. We also have rigorous internal and external audit processes to ensure that processes are implemented and working as intended.

When vulnerabilities are identified, our patch management process pushes security updates fast and consistently. Where possible, we replace un-patched components with fresh, new pre-patched ones which results in a high degree of confidence that everything is always running on the latest, most secure products available.

Incident response

Turtl has an incident response program that is responsive and repeatable. It is based on standard incident response processes and our staff is well-trained. Fire drills are conducted regularly to test the program for effectiveness.

In the eventuality of an incident, we communicate it to customers promptly and accurately, keeping you informed until the situation is resolved.