Dovetail has taken steps to ensure the security of the physical office environment and continuity of business operations in the event of a disaster. Dovetail web application infrastructure, and customer data, is not located or stored within any physical Dovetail office environment.
Access to Dovetail's office is restricted using physical locks which only Dovetail employees can access. Dovetail's office remains locked throughout the entire day.
Dovetail's office environment also has security safeguards including:
Security alarms – the office building has motion alarms that alert building management who respond to alarms 24 hours a day, 7 days a week, 365 days a year.
Security video surveillance – the internal office entry / exit points and network room have continuous video surveillance. The office building has external video surveillance and an agreement is in place with building management to access surveillance footage in the event that it is needed.
Fire alarms and sprinkler system – fire alarms are installed throughout the office. Sprinkler fire suppression systems and extinguishers are in place.
All visitors must sign-in via Envoy and be escorted and supervised by Dovetail employee at all times.
Dovetail has an asset management policy in place to protect data that is stored and accessible via endpoints, such as company workstations and laptops.
Screen lock enabled
Latest security updates
Malware detection and anti-virus
Personal firewall enabled
Encrypted SSH keys
Password management software
All corporate devices are also enrolled in mobile device management (MDM) enabling Dovetail to remotely manage assets to ensure compliance with configuration standards and enabling remote lock and erase in the event of a lost or stolen device.
All corporate wireless networks, including both corporate and guest networks, encrypt data in transit using WPA2-AES encryption. Guest network traffic and access is separated from corporate network traffic and access.
Corporate networks are protected with Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS) to block malicious traffic and actors attempting to access Dovetail's corporate network.
Dovetail prohibits use of removable media and offline backups to mitigate both the risk of data loss as well as the risk of malware being introduced.
All new employees receive onboarding and systems training. This training is completed annually by employees and training compliance is monitored.
The main topics covered in security training are:
Social engineering – primarily phishing and how to detect and report attacks.
Passwords – background in how passwords are cracked, why strong passwords are important, and storage recommendations for passwords.
Physical Security – guidelines for maintaining the physical security of offices and equipment.
Data Handling – understanding data classification and how to properly handle such data.
Compliance – its importance and how it affects operations.
Dovetail has a comprehensive set of risk management principles, policies and procedures in place to identify new business and technical risks, and put plans in place to mitigate those risks.
Dovetail believes that effective risk management involves:
A commitment to the security, availability, and confidentiality of Dovetail infrastructure and services from senior management.
The involvement, cooperation and insight of all Dovetail staff.
A commitment to initiating risk assessments, starting with discovery and identification of risks.
A commitment to the thorough analysis of identified risks.
A commitment to a strategy for treatment of identified risks.
A commitment to communicate all identified risks to the company.
A commitment to encourage the reporting of risks and threat vectors from all Dovetail staff.
Dovetail maintains a comprehensive set of organizational security policies that must be agreed to by all employees annually.
All policies are reviewed and approved by management annually. Employees who violate any policies may face disciplinary consequences in proportion to their violation.
You can view and request a copy of our policies in our trust center.
Explore further security information, keep up-to-date with real-time monitoring and request access to Dovetail's security documentation on our trust center.Open trust center
Dovetail relies on vendors to perform a variety of services, some of which are critical for operations. Dovetail aims to manage its relationship with vendors and manage the risk associated with engaging third parties to perform services.
Dovetail conducts due diligence on an individual vendor's security, business practices, and legal commitments. This assessment includes a review of supply chains for modern slavery. Dovetail's vendor management policy provides a framework for managing the lifecycle of vendor relationships.
Dovetail utilizes some vendors as data subprocessors to provide the Dovetail services. Dovetail takes a risk-based approach to selecting data subprocessors based on the security and business practices of these vendors. To minimize our risk and the risk to our customers, we aim to utilize as few data subprocessors as possible to provide the Dovetail services.
Dovetail's data subprocessors are listed at data subprocessors.
All employee and contractor agreements include a confidentiality agreement. All employees agree during and after employment that they will:
refrain from disclosing confidential information
not use confidential information for purposes other than their employment
keep confidential information secure and not disclose or publish information except when authorized or as required by law
On termination of employment, all employees must return all confidential information and must permanently erase all confidential stored on any device.
Dovetail conducts background checks for all new hires via Checked. Checked performs a Nationally Coordinated Criminal History Check that verifies the following information:
Disclosable court outcomes
In addition to background checks, Dovetail also verifies the prior employment history before an offer of employment is made to new hires.
Give us feedback
Was this article useful?