Can you provide details on Double the Donation's Application and Software Security, Datacenter Protections, System Resiliency, and Audits, Vulnerability, and Penetration Testing?

This article provides an overview of the steps Double the Donation takes to prioritize data security.

Our products and services are transforming the matching gift industry with cutting-edge tools and automation. But the backbone of our success is providing a safe and trustworthy place for your fundraising data. Protecting your data is our obsession.

SOC 2 Type 2 Compliance

Double the Donation is SOC 2 Type 2 compliant

Double the Donation is proud to be SOC 2 Type 2 compliant, with an unqualified opinion on our audit report.

For the most comprehensive, up-to-date security and compliance information, including our Letter of Attestation, visit the Double the Donation Trust Center, hosted by Vanta.

Resilience and Availability

Will Double the Donation's software be available?

Yes! Double the Donation's availability is consistently above 99.99%. Any customer data is 100% backed up to multiple online replicas with additional snapshots and other backups.

Data Backups

Double the Donation backs up its database data every hour to multiple sources via encrypted channels. We regularly test backups on a spare server to ensure that our backups work and that they can be quickly restored when necessary.

What if something isn't working as expected?

Your matching gift pages, usage of our search tools, and matching module automation and outreach are as critical to us as they are to you. If there's ever a customer-impacting situation, please email support@doublethedonation.com with a subject line starting with "URGENT" and we'll route it appropriately.

How clients are affected if our services go down

We design our code so that when adding our plugin to your forms, they continue to work even if our plugin is not functioning. For example, if you put our streamlined search on your donation form, the matching gift input form field will fall back to a standard form field if our plugin can't be loaded. That way, donations will still be processed, just without matching gift information.

Our dedicated matching gift plugin simply renders as blank space if it cannot be loaded.

Emails to donors are not sent when our services are down but are queued to be immediately sent when service resumes.

Does Double the Donation monitor its systems and software?

Yes! Our operations teams monitor software and application behavior 24x7x365 using industry-recognized solutions with multiple notification systems in place, including services like Uptime Monitor and Sentry.io. We have multiple personnel able to respond to downtime and restore services.

Application Security

Does Double the Donation encrypt data in transit?

Yes! Sessions between you and your portal are always protected by in-transit encryption using the TLS 1.2 protocol with 2,048-bit keys.

Can I use SSL (TLS) with Double the Donation's tools?

Yes! TLS is always enabled for all traffic coming in and out of Double the Donation.

Is my website or data protected by a Web Application Firewall and network firewall?

Yes! Double the Donation prevents attacks with sophisticated monitoring and protections including a high-grade web application firewall and tightly controlled network-level firewall. In addition, Double the Donation's Distributed Denial of Service (DDoS) prevention defenses protect your site and access to your products from attacks.

Does Double the Donation incorporate security into its software development lifecycle (SDLC)?

Yes! Double the Donation's code is high quality from conception to deployment. We ensure development best practices are implemented across our ongoing code pushes. Responsive software development means new features, resiliency improvements, and bug fixes arrive continuously and seamlessly.

Datacenter Protections

Are physical security protections in place to protect my data?

Yes! Double the Donation's products are hosted with the world’s leading data center providers. Access to these data centers is strictly controlled and monitored by security staff, tight access control, and video surveillance. Our data center partners are SOC 2 Type II and ISO 27001 certified and provide N+1 redundancy to all power, network, and HVAC services.

Software Security

Can the Double the Donation software respond quickly to new security needs or threats?

Yes! Between our streamlined, rapid approach to application delivery and our highly automated server infrastructure, Double the Donation quickly addresses security issues as they arise. These technology and process structures allow Double the Donation to rapidly adapt as new threats are identified.

Does the Double the Donation infrastructure detect and prevent attacks?

Yes! Double the Donation uses enterprise-grade firewalls, routing, intrusion prevention, and behavior analytics capabilities to protect infrastructure and thwart attacks.

Does Double the Donation rapidly patch and update when vulnerabilities are identified?

Yes! Double the Donation's patch management process pushes security updates fast and consistently.

Does Double the Donation have an incident response program?

Yes! Double the Donation's incident response program is responsive and repeatable. Incident process flows and investigation data sources are pre-defined during recurring preparation activities and exercises and are refined through investigation follow-ups. We use standard incident response process structures to ensure that the right steps are taken at the right time.

Audits, Vulnerability Assessment & Penetration Testing

Does Double the Donation have a repeatable process for discovering and quickly correcting security bugs?

Yes! We test for potential vulnerabilities continuously in all layers of the technology stack. Dynamic application scans, static code analysis, and infrastructure vulnerability scans are run regularly.

What security is in place at Double the Donation's data centers?

Our data center providers maintain ISO 27001, SOC 2 Type II, and many other certifications.