Want the latest news and articles delivered right to your inbox?

April 19th, 2022 (Updated 04/25/2022) | 10 min. read

Jaroslaw Podgorski & Michaela Kubišová
Senior Security Specialist in Compliance & Senior Manager Compliance and Operations at Pricefx

How Safe is the Pricefx Infrastructure? – Very, and Here is Why

Cybersecurity is one of the greatest threats to most companies worldwide. Since the onset of COVID-19, the FBI has seen a 300% rise in cybercrime. What’s more, with data breaches up by more than 68% in the 2021 calendar year, it is quite a valid question to ask, ‘How Safe is the Pricefx infrastructure?’ 

The answer is – generally speaking, your company’s data that is stored within the Pricefx system is much safer there, than it is on your work computer, home computer or your smartphone. Because of the native cloud infrastructure, the underlying architecture of the Pricefx system is designed to be respondent and proactive in detecting and repelling security threats, but there is much more to it than that.  

For more than 10 years now, Pricefx has been taking the company culture and values of ‘fast, flexible and friendly’ seriously. What that means for you as our customer is that we are indebted to protecting you and your business and supplying you with a safe and secure working environment. Our way of looking at security is that it is part of our service to you. 

So, let’s dig in and analyze the processes and the ways in which we deliver on the security promise, from the development and architecture of the Pricefx pricing software product itself, through to the processes that are established, and the rules and standards adopted to safeguard the entire Pricefx infrastructure. 

The Inherent Safety of Pricefx’s Native Cloud Pricing Software

Pricefx-and-cloud-security

Just because your company’s servers are no longer located down the hall from your office, or in your organization’s basement, it does not mean they are any less secure than they once were. Pricefx is 100% Native Cloud pricing software, and that means rather than servers sitting onsite in your building, they are a collection of remote servers (usually physical servers in a remote data center).  

Rather than being ‘out-of-sight-and-out-of-mind’, the physical security of those data centers is more ironclad than you might expect. Particularly to off-set the psychological loss of security compared to on-premises security, the cloud’s physical data centers are built to withstand fire, flood, earthquake and all manner of natural disasters. What’s more, these buildings tend to have a lot more physical security controls and devices (numbered or fingerprint touchpads, swipe-passes etc.) and measures in place than your average on-premises data center based in a corporate basement, or down the hall from your office. 

Physical security measures in data centers usually include: 

  • Reinforced concrete walls to protect the facility from external attacks. 
  • A personal badge or a coded pin pad security system to grant access only to persons with data center security clearances. 
  • Traditional security measures like security guards, cameras etc.
  • Regulated climatic conditions to monitor temperature, humidity etc. and regulate it to the ‘Goldilocks’ zone. 
  • Server cabinets and cages that are bolted into the ground and secured under lock and key. 

As we run Native Cloud pricing software for more than 100 clients, Pricefx have embraced superior security standards and technologies into their physical security infrastructures. So stringent are the security measures, they are often well beyond the affordability of most individual companies, making it not only a more secure method to do business in the cloud than on your own servers but more affordable too. 

With the cloud, managing data security is much easier, agile and faster. Rather than controlling every aspect of your data security on-site, Pricefx can maintain efficient and effective cloud security frameworks for you that can keep up with the latest in emergent threats. What’s more, reaction time is fast. Cloud-based architecture allows for instant threat response and simpler problem identification due to the ‘white box’ design of the system. 

Threat detection has been included from day one in the Pricefx software development lifecycle. We check the components from which we build our software to make it safe. Our software development is subject to dependency checks. Multiple vulnerability scans are performed in the cloud architecture. Of course, no system is ever 100% protected. However, what we have ensured in our system architecture is that in the unlikely event something happens, or a threat is detected, Pricefx reaction time is designed to be as fast as possible. 

Pricefx and Virtual Security

Pricefx-Virtual-Security-Servers-Lock-and-Key-Security-on-Touchscreen

Whilst physical security goes hand-in-hand with virtual security measures, in the modern world, the strongest reoccurring threats come from different types of cyber-attacks. In addition to the usual virtual data security features that Pricefx and any pricing software provider will supply to your business (such as encryption services, identity, and access management, (IAM) Built-in firewalls, Redundancy (ultra-backed-up data) etc. – those interested can read more about these in-depth in our recent blog article – “Is Cloud Infrastructure Really Safe? Yes & Here is Why), Pricefx offers the added extras below to ensure the protection of your data.

Pricefx Third-Party External Security Penetration Testing 

For your (and our) peace of mind on virtual security of the entire Pricefx infrastructure, multiple times per year (at least twice – usually in June and November, but more if required) we pay to have an independent auditor conduct a penetration test on our system. That test gives us a health check on our infrastructure and how it responds to and protects us from attempts of mail phishing, uploads of malicious files, Malware, Ransomware, viruses and other types of cyber-attacks. 

We regularly report low incidences of threat, and if anything at all untoward is unearthed during our penetration testing, it is acted on and addressed immediately. 

The results of our regular penetration tests are available to all our customers and prospects upon agreeing to and signing a Non-Disclosure Agreement (NDA). 

Your Company’s Own Penetration Testing of the Pricefx System  

As part of our Pricefx ‘Fast, Flexible & Friendly’ company motto, we invite external testing by our clients. Usually undertaken by a third-party, the external testing boosts the odds that the Pricefx system infrastructure has the defenses in place required to keep your data security intact. 

We want to know and be sure just as much as you do that our pricing software solution is protected and safe to use, and that we can continue to react quickly to any possible threat in a correct and diligent manner. 

Click here to learn more about security reporting at Pricefx. 

The Pricefx Security Scorecard 

Security Scorecard is a global leader in cybersecurity ratings and the only worldwide service with millions of organizations continually being rated with transparent, publicly sourced methodology and formulas used to create the security scores. 

We are delighted to advise our most recent test score of 97 out of 100. See the screen shot below.  

Pricefx-Security-Scorecard

Pricefx Governance and Legal Compliance Security Measures

Pricefx-Governannce-And-Legal-Compliance-Security-Measures

Pricefx’s Governance and Legal Compliance security measures protect our users’ privacy as prescribed by the relevant legislative bodies. Over the last 15 to 20 years as the pace of technology has grown, governments at various jurisdictional levels have taken up the importance of protecting private user and business information. As a result, organizations like Pricefx and many others must now follow regulations to abide by these policies at a global level in addition to other various laws that also apply inside their individual jurisdictions of operation. 

Additionally, Pricefx have their own set of internal procedures that all their employees and contractors must follow, including in-house IT Policies and Procedures and Security and Data Protection Policy. 

Pricefx is happy to provide to all customers and potential customers, copies of our ISO certifications, SOC 1, and SOC 2 certification reports upon request (see certification explained below). 

  • Service Organization Control 1 Type 2 (SOC 1 Type 2) – Covering all Pricefx global operations, this certification focuses on our control over financial reporting. Conducted on an annual basis, the SOC 1 Type 2 certification ensures that Pricefx’s operations controls are defined, implemented, and fully functioning through testing. 
  • Service Organization Control 2 Type 1 (SOC 2 Type 1) – Another globally recognized certification focusing on the Pricefx service controls over security, availability, processing integrity, confidentiality, and privacy. SOC 2 Type 1 ensures that our Pricefx operational controls are well defined. 
  • Service Organization Control 2 Type 2 (SOC 2 Type 2)This global certification covers security, availability, processing integrity, confidentiality, and privacy, and that within Pricefx itself, they are defined, implemented, and fully functioning through testing. 
  • International Organization for Standardization, Standard 27001(ISO 27001)The primary focus is on information security topics within Pricefx. ISO 27001 ensures that the Pricefx processes dedicated to information security are well designed and followed by our personnel. Just like ISO 9001, the ISO 27001 certification is also valid for 3 years and is also subject to an annual surveillance audit. 

Other Non-Security Related Certifications 

Quality Management of the Entire Pricefx Infrastructure Environment 

We are continually looking to improve the quality of the Pricefx products and services and consistently meet our customers’ expectations (including security amongst our range of other services). 

The following certification applies to the Quality Management of the entire Pricefx environment; 

Based on the report issued by Time Data Security (TDS), Pricefx have again achieved the requirements of both ISO 27001 and ISO 9001:2015 standards and “fresh” certificates have been issued for another 3 years (as at April 2022). 

Pricefx and General Data Protection Regulation (GDPR) and Personal Data Protection 

General Data Protection Regulation (GDPR) has been put in place to help protect end users from the sale and sharing of their sensitive data. GDPR applies to any organization operating within the European Union (EU), as well as any organization outside of the EU which offers goods or services to customers or businesses inside the EU. Yes, that means Pricefx, and possibly your company too.  

These days, almost every major corporation in the world requires a GDPR strategy. 

Inevitably, data breaches will eventually happen. Information can become lost, stolen or otherwise, finding its way into the hands of people never intended to see it – and those people can often have malicious intent. GDPR mitigates the damage. 

Under the terms of GDPR, Pricefx and other compliant organizations ensure that personal data is gathered legally and under strict conditions. Furthermore, those who collect and manage personal data (including Pricefx) are obliged under the terms of GDPR to protect the data from misuse and exploitation, in addition to respecting the rights of data owners – or face penalties for not doing so. 

Other Handy Pricefx Security Information

Click here to view the Pricefx Privacy Policy in full 

 

Those interested in the Pricefx website Terms and Conditions can find the information here 

 

Further information can be found here on the Pricefx Compliance Reporting link. 

Security is Part of the Pricefx Product – AND our Company DNA 

The real point of difference in Pricefx pricing software is that not only has security been embedded from Day 1 in the design of the system, but it is also an integral part of our organizational DNA. Our values are ‘fast, flexible and friendly,’ and that client-focus means that we feel compelled to protect our clients. 

While it may sound simply like ‘fuzzy and warm-hearted’ sentiment, ‘fast, flexible and friendly’ works at a granular everyday level within the Pricefx organization putting that genetic blueprint on everything we do, including the security of your data within our system. 

Want to continue your learning journey on the innate security of the Pricefx system?  

Check out our recent article on what makes native cloud infrastructure (like that on which Pricefx is built) the security ‘gold standard’ here:  

CTA-Is-Cloud-Infrastructure-Really-Safe

Or if you’re convinced that cloud infrastructure is safe, then maybe you’d like to find out what the implementation process is like so you can get ready for your own pricing project. Check out the article below which describes the phases of a pricing software project. 

Phases_of_a_Pricing_Project_Button