Whova Security & Reliability Guide

 

 

PCI Compliant

Whova online registration complies with the PCI DSS, Payment Card Industry Data Security Standards, and uses the most secure payment processor, Stripe

  • Whova is committed to protecting consumer credit card data in compliance with the Payment Card Industry Data Security Standard (PCI DSS).
  • Our alignment with this standard is reflected in the people, technologies, and processes we employ.
  • We conduct regular vulnerability scans and penetration tests in accordance with the PCI DSS requirements for our business model.
  • Whova’s payment processor Stripe complies with PCI 3D Secure. More details are here.

Data Encryption

Whova uses strong encryption to make sure all data is protected.

  • All data in transit is encrypted with the strongest industry-standard cryptographic protocol SSL so all connections between networks and servers are secure.
  • Whova’s SSL certification is renewed every year.
  • No credit card information is stored in Whova after transaction authorization.

Secured Hosting Environment

Whova’s servers are hosted by Amazon Web Services (AWS)

  • Whova’s servers and data centers are physically located in USA and hosted by the world’s leading high-security cloud systems provided by Amazon Web Services (AWS).
  • AWS has certification for compliance with ISO/IEC 27001:2013, 27017:2015, 27018:2019, and ISO/IEC 9001:2015 and CSA STAR CCM v3.0.1.
  • PCI-DSS Level 1 Service Provider
  • SAS-70 Type II and SSAE16
  • For more details, please visit the AWS security site and AWS PCI compliance site.

Compliance Document

Applicability of the following compliance document to your environment needs to be assessed/approved by your auditors.

 

 

Privacy

We know privacy is important for your events, and we are committed to providing the best privacy protection.

  • Whova is compliant with EU-US Privacy Shield regarding the collection, use, and retention of personal information transferred from the EU and Switzerland.
  • Whova is compliant with General Data Protection Regulations (GDPR).
  • Active consent must be given by European attendees in order to store their data.
  • Whova does not sell the personal information of our customers to third parties.
  • We have a full-time legal and security team focused on privacy and security issues.
  • More details about the privacy terms can be found here

Data Reliability

Whova’s reliable platform makes your event smooth and worry-free.

  • Uptime: our service is on the most reliable cloud platform, Amazon Web Services (AWS), and the uptime will always be at least 99.95% based on AWS SLA.
  • We use various internal tools to further monitor availability and performance 24x7.
  • We maintain your data with an automatic backup system running all the time and ensure the availability and safety of your data.
  • Disaster recovery: we have a step-by-step plan to ensure our services and customer data are protected and recoverable in the event of a disaster.

Web and Mobile App Development and Distribution

Whova is committed to designing, building, and maintaining secure systems.

  • Whova distributes the app through the official app distributors, Apple App Store and Google Play Store, and an HTML5 application
  • All applications are regularly scanned for common security vulnerabilities
  • All Whova engineers are required to attend the training sessions on code security
  • All web and mobile applications are primarily developed, tested, deployed, and maintained by a full-time, in-house engineering team.
  • Whova works with the world’s top security research group and published a research paper with the most prestigious international security conference, “the 2019 ACM SIGSAC (Special Interest Group on Security, Audit, and Control) Conference”

Incident Response

While we are confident in the security mechanisms of our system, we understand no computer system is perfectly secure. We are always prepared to respond to any incident.

  • Whova has a dedicated in-house security team to monitor threats and respond to security alerts.
  • Whova monitors security system alerts 24x7 and is ready to respond to incidents at any time.
  • Whova maintains and regularly tests our incident response plan in case of any breach of Whova’s data system.

Our Organization

Making your event data secure and reliable is our highest priority. Whova invests heavily to ensure we meet the industry standards.

  • We perform regular internal scans and penetration tests for vulnerability detections. Once identified, their fixes are treated as the highest priority.
  • Whova delivers a security code training program to every new engineer.
  • All employees are required to sign Non-Disclosure and Confidentiality agreements.
  • Whova offices are secured by keycard access, and they are monitored with cameras 24x7.
  • We continuously train employees on best security practices, including how to identify social engineering, phishing scams, and hackers.

Responsible Disclosure

Please report to us first if you discover a vulnerability with our information systems.

  • Do not attempt to harm Whova, its users, or its customers’ data.
  • Allow a reasonable time for Whova to investigate and resolve the issue.
  • Please don’t share the vulnerability you discovered publicly. Instead, please report details to security@whova.com, including steps to reproduce.
  • Please use the PGP key at the bottom of the page to encrypt your message sent to security@whova.com.

Trusted by the World’s Leading Brands and Organizations

-----BEGIN PGP PUBLIC KEY BLOCK-----

xsBNBGEBqfUBCACrzCCL620Aeyv+h9T2y6/3oeDxUd/ehmoxRCP3JZG5BkfiZrR2
oIpLW4j+108zNNhUWHanapFXS27thjHi8b3WqbFEP3I66LqEYZH4EojGpyspf0E2
mINpIj+KkCtfd2NHuCyX6xTzKxgmFt37I1cPYfMLr3mRpdwdht8pqjFTeGHSqqoI
Yf1ms5btmWxBZ0S5QdaOPTDm555W3PuezQnPhwB5H0CS9d/htKXnQxGt8tgNI7lj
9/tMaybzaniemec+DrA5hUyTrFTBTxe1vYwksn4SJNDwHW5NHUZ0srXoiUgbcuGu
8HUXRNi5nUsTGs2V577v/XyBtvF/c+SD1WTNABEBAAHNI0ppYXFpIFpoYW5nIDxq
aWFxaS56aGFuZ0B3aG92YS5jb20+wsB6BBMBCgAkBQJhAan1AhsvAwsJBwMVCggC
HgECF4ADFgIBAhkBBQkDwmcAAAoJEJOhD8G3QYoHpXoH/jje8N2zbWNl8jYd0+L8
WHYnGl+N6717QHh5SCPaAAl9m1gwZenlMdy8zBhpjJuWU2VtII641HQTlgIJPuOr
XhDqzSnMQ857mF+BrYPkFM0RYjrZR28eHzdO50GmScafEQsEA+VnDcQbJPeHI1IA
VWNPgYS46Ok1560oBzM4JpSuwjeesoEPkvn52VUCC7HwPs5ZmfOIlxcvjMx49ncK
VCOsupsaEyS5iUAqdNhL2keHJAf8ITaMYz7xXIxTSesXML8KfADuk584mHLXKtpc
bq4hglPq+Jtpznhv2vhnh2Z+scPwZ9mESOliJkv5DlNPSfUas0VC4mqyzP7/7+V4
Bh3OwE0EYQGp9QEIAMXa6aj8XKqxR497EddG0aJYxpUD8lrj53BrAePJHz3ie/7f
hn+zYurEErUzYE+IBxO7ClJQKuJNew8vYKPi4CahaYkHfqg2xDL6rDmalFMfhlQI
1DGuWV53tY6xcds89p/1IIJrcOSd0Vrp3Tm+MK70dcz1nGQiZIPoiHCFq/R7PTUd
d6DeruLQ+nRr5LC2kJroz6mbuvdu+N4Z1FyHNbUKNGCxlMk6ToRgTf14jBPpRQGi
042HvRKaQn9m3yC/mjiHVYLFAxnzuYZu/eIr3mEtIBezkVlRe2YTZ1EiqjkivVh1
XXSs/mSl8EXcbejWVaSyj/CUBKEqYPHMioiCV5MAEQEAAcLBhAQYAQoADwUCYQGp
9QUJA8JnAAIbLgEpCRCToQ/Bt0GKB8BdIAQZAQoABgUCYQGp9QAKCRAg4hHU/d2d
/QXjB/9JdXEiUDlzDHzhev8TdClmX9Jigq7fWhzV3wSnHZlsAU8NoQqTLZUXzTLz
TnNT/jrN/Ziium+Hdp9NGm1nttAYVSEfbNak7lISdRrNJQXv6UJrVGYQjec08MaR
bTvYZ420TkyMd5xT0QN5m2HbfGPLfZMd9p7UilWY2KbLx45WIIQhziQj6EEhXeCn
hEUK/PuQvdpsyJuQjzTNVrAJaNMXOpHs35Jp63dBMfRH7t+dm/ZV95V1vwVzu6NY
moX+a6Z9HoMmKjWZ/ayBMqNB+Jd1Z/E6YNrI7ySH/awypVvn2v/2TvmBM/Av2IF+
bQaU8YArPJQCpsg8UYe9PgZSyKGEveAH/0xopzZnL+EJLTGIyqR/SM8wyAWppJjy
Woa4ipakqC7l++oTlT8/A9v0gHvDo652jaonPJA5jiF/Ea2N4G7WKMvs0dIsksVq
ms4XcblTbSCBb3U5dTC9Yx5QzklR3GjjPauVYpxeUk1fK9cvPBAvLsbUffk+xn1F
K056yut6LETj+tmnBmw46ldFFTaAUYt6KSRzO5P4bbVrfzzHduQrbJa0yTfyOdpr
GwMGD5TbzC5aknrLIKplvREc6ylZBr41epp5bWU4S9AUlMCNxOrN26WlidO1a4Hh
5jv9C+pt64ySjGKF94ND27UMGzaDEF0NkpQZ55eLSm5F0Oo71RmviSTOwE0EYQGp
9QEIAK90hjcM0rsFzhbNSlG9PnUpQwTtHcjDU81UTVrO0sUtmzNNBT8tPp0JQJSj
AcOMRmDWLN4C+04jMI5jiqvbC2KJ5AsOrTuItXcyXLHS7yEN0xT86fcHfpAxE8VM
iJvEc3IqPBxCGXlV9id8lPiT+GcTJQtbUbgCBQWg3yTli4XSy+XGuy2Yt94YxTwH
Ls/3sVVQqIwOcsSxK8+R207yS9P4o6bBaOuJzbzi5B6l9bHHfHwKd5hDHwDZ516l
wUVJYFEv9fhz0re/jDHjmJxbMK4QwGq6/+BhxwySl/VdQa8XlZI5w3r7BgJLKdH4
eKp8AwkfKPZg3oSZRiiTD59p2SEAEQEAAcLBhAQYAQoADwUCYQGp9QUJA8JnAAIb
LgEpCRCToQ/Bt0GKB8BdIAQZAQoABgUCYQGp9QAKCRBiJAyxaXE0/j41B/96eEJ3
Of9hnkY8cDajdj3Wounx/RJO9J/HIIby69XwVwW3fHx2pSCVLQE7QEOGO8N82EFx
NxJnUJiqlnZ6GgG8pZbYGhC0Q2UgQkGY3qdOJq7LHPwz2uzPQcbzc4S1fmm82zez
Fy1wQT/FLosEwm1hl2O5PmL0hYcY8mm18Cc9q5euYmo2nlmz4pAj12VXTL668BDB
KeepyAvl1xFfCfpgWe6Hy8kReeh7DX2uO+g8fNzI08wdkjq4c+6HzrnFyRRthkk1
wNFt2vmy57qCuaJ5+bPrvNFasUaP8gV2ymLcICuejSeWzCPyazkRdNVNlsPPI8Wi
6PuK6T5CgzZArO0nvGwH/2E4oK/AgICi6MS1ZOY3RJf2jru+xJfwh8aBrfYchZYZ
MKi3PIGOD7aaiUzz+RJHfcdtP/PDTLvCR0/I7oLp9LnBERlhmsCwc6MKvqMvxAt9
RY37ogvrGRtD6JMCbLrx6DLoE4LBV3bpLL5wdC3rCgg+IRssYTzmakVmWgMUsanu
4NK5reyBpq4Tu4Q9VhViok6/lS9DanLBkcjx0xbZftD+/fyXNb+WR/Lnur9I3+jx
wiIujL8cKlGIXwHm+Zw2uQq9EajYDxQnj0yeE86NFQt45DdHIpPlWN9fpHs7u8xT
mNIOuicdVQcFn9WfrfyeiFrhhVCTeC3UtnafFjdXybY=
=aghM
-----END PGP PUBLIC KEY BLOCK-----

Pin It on Pinterest