FAQs

Yes, each client's data is segmented into separate containers in AWS. Each client's API calls in their Datagrid account are unaffected by another client's API call to the same resource. An example of such a resource is Procore.

Yes, Datagrid is hosted on AWS and so utilizes AWS Guardduty and Cloudwatch.

Yes, while backups are performed daily, recovery is tested on a weekly basis to ensure recoveries are performing to plan.

Currently, Datagrid supports SSO (Google, Microsoft & Okta). Any other type of federated ID can be scoped and supported if needed.

Major updates are released on a monthly schedule with point releases over the same time interval. When needed, Datagrid published maintenance windows. Typically maintenance and updates are performed with no downtime.

If there are any product updates that may impact the clients' workflows, the customer success team communicates that to the clients and helps maintain the workflow prior and post the updates.

Yes, customer data is logically separated at the database/datastore level using a unique identifier for the customer. The separation is enforced at the API layer where the client must authenticate with a chosen account and then the customer unique identifier is included in the access token and used by the API to restrict access to data to the account. All database/datastore queries then include the account identifier.

Yes. For Datagrid’s product & engineering systems, the RTO & RPO is 24 hours.

Yes, yearly. The incident response plan is tested annually via either tabletop review or an incident simulation.

We use AWS tools, like Guardduty, for our production environment. In addition, Google also has tools for our accounts. Observed through Drata's automated test that Global WAF ACLs have been created on the AWS infrastructure to determine that web application firewalls protect the application from external threats. Web Application Firewall (WAF): Provide metrics regarding attempted and successful requests to the application.

Yes. Activity is logged via AWS Cloudwatch.

Yes, Datagrid requires a minimum complexity for passwords. Additionally, Datagrid supports SSO.

Data at rest - Data at rest in Datagrid’s production network is encrypted using industry-standard 256-bit Advanced Encryption Standard (AES256), which applies to all types of data at rest within Datagrid’s systems—relational databases, file stores, database backups, etc. Data in transit - To protect data in transit between our app and our servers, Datagrid supports the latest recommended secure cipher suites to encrypt all traffic in transit, including the use of TLS 1.2 protocols, AES256 encryption, and SHA2 signatures, whenever supported by the clients.

Yes, we are GDPR, SOC 2 Type I & II compliant. In addition, Datagrid undergoes a yearly penetration test and quarterly vulnerability scans.

Datagrid provides role based access control where users are grouped as “Owners”, “Members”, and “Collaborators”; each group maintains their own set of permissions.

Integration credentials are managed via the customer designated administrator. Datagrid stores credentials encrypted with the passkey managed via AWS secret manager. Encrypted credentials never leave the server environment.

At the product level Datagrid does not store credit card information. When necessary to accept CC info, (eg. for billing purposes), Datagrid uses a PCI compliant partner, Stripe.

While Datagrid does not expose a “trash can” at the moment, items in Datagrid are “soft-deleted” allowing for recovery. Additionally through the connected integrations Datagrid supports the re-ingestion of delete data if needed.

Datagrid is optimized for the latest Google Chrome, Microsoft Edge & Safari browsers.

Datagrid is a cloud-hosted solution. As such, it does not require any software to be downloaded to the users’ PCs.Integrations against desktop applications may require the installation of a plugin to the integration target. For example, integrating data from Revit, Navisworks, etc. (desktop tools) is accelerated via the installation of Datagrid provided plugins for these tools.

Datagrid is a multi-tenanted solution. API usage is limited to 3000 requests/hour, but can be increased if/as needed.

Datagrid stores customer data in a secure production account in Amazon Web Services (AWS), using RDS and S3. Datagrid hosts on AWS in the us-east-1 (N. Virginia) region by default. Data is replicated across multiple regions for redundancy and disaster recovery

Yes we have pre-built template workflows and dashboards/reports around BIM (design comparison, 4D - 7D), PM, Cost analysis, etc.

Yes, checked daily. Data is persisted in AWS S3. S3 is configured for Advanced Encryption Standard (“AES”) 256 encrypted disks for all data stored at rest. Datagrid ensures that company-issued laptops have encrypted hard-disks.

Yes. We’ve undergone SOC2 Type 1 & Type 2 assessment. Datagrid employs automated tools (Drata) auditing compliance with policy.

Datagrid supports exports to CSV, XLSX, JSON and Parquet. In addition to export format choice, we support a number of export destinations such as S3, Azure, Dropbox etc. When exporting at the row level we support automated exports to external databases, including BigQuery, MS SQL, MySQL, RDS, and more

We have an internal Data Table (built on top of SQL) or we can push data to external databases like Azure, Amazon RDS, Redshift, Aurora, GCP (Big Query, MySQL, PostgreSQL, SQL server), Databricks, Snowflake, Maria DB, MySQL, MS SQL, PostgreSQL

We don’t manage PII data. No specific controls for HIPA, Financial or Proprietary. We use Stripe to store PCI data.

Yes, MFA is required for accessing Datagrid accounts and systems.Username and password (password standard implemented) or SSO required to authenticate into the Datagrid application, and MFA required for external services. In accordance with the Password Policy, Datagrid employees must use MFA for any and all systems (external) that provide the option for Multi-Factor Authentication (MFA). MFA Requirements: MFA must be enabled for any and all key Datagrid systems that provide the option for Multi-Factor Authentication (MFA) - Google, AWS, Github and Slack. MFA is recommended for other systems used by Datagrid employees.

FAQs

Are there controls to prevent one client attempting to compromise another client in a resource pooled environment?

Are Intrusion Detection/Prevention Systems employed in all sensitive network zones and wherever firewalls are enabled?

Are specific response and recovery strategies defined for the prioritized activities?

Is standards based federated ID capability available to clients (e.g., SAML, OpenID)?

Is there a scheduled maintenance window?

Is there a formal process to ensure clients are notified prior to changes being made which may impact their service?

Is data segmentation and separation capability between clients provided?

Does the provider have an RTO (recovery time objective) and RPO (recovery point objective) for specific applications, products or systems?

Does the provider test its incident response and disaster preparedness

Does the provider utilize Next Generation Fire Wall (NGFW) or Unified Threat Management (UTM)

Does the service log user activity (customer and vendor)?

Does the service require a minimum complexity for passwords? (If SSO is not supported or required)

Describe your encryption protocols and how they apply to transacted data?

Does the service undergo 3rd party security assessment (vulnerability assessment, pen test, NIST assessment) on a regular basis?

Does the application support the ability to create security groups and roles for controlling access to various application features?

Are application integrations secured using credentials (ID/Pwd or keys) managed by a customer designated administrator?

Does the application (or the applications partner ecosystem) store credit card data? If so, are those applications PCI compliant?

Does the application provide the ability to recover and restore accidentally deleted data?

What are the minimum browser requirements for using the application?

Does the application require the download of any software to users’ PCs (ex. Browser plug-ins)? If so, what are the minimum hardware and/or software requirements?

Is the solution multi-tenanted? If so, what (if any) restrictions are there on usage (ex. Limits on number of API calls etc.)?

How and where is the technology or service hosted?

Do you supply prebuilt content in one (or more of these tools)?

Does the provider maintain and enforce disk encryption policies?

Does the provider or applicant maintain multifactor authentication audit processes?

Does the application provide the ability for customers to export their data on demand?

Data Targets - Physical data products used (Azure/AWS/Google databases-Azure SQL/RDS or data lake?, Snowflake?, other?)

What platform is used to store PII, HIPA, Financial, or Proprietary data?

Is multifactor authentication required for your employees to access various platforms and services?