Security Practices

Last updated: March 2026

Accorbis is built for institutions that operate in regulated environments. This page describes the administrative, technical, and physical safeguards we use to protect customer data across higher education, healthcare, and enterprise deployments. While we continually improve our controls, no system can guarantee absolute security; customers share responsibility for configuring features in line with their own policies.

Governance and Oversight

  • Dedicated security team: Accorbis maintains an internal security and reliability group that reports to executive leadership and coordinates incident response, vulnerability management, and change control.
  • Policies and training: All employees sign confidentiality agreements, complete annual security awareness training, and follow documented secure development, access, and operations policies.
  • Risk management: We conduct recurring risk assessments, tabletop exercises, and third-party penetration tests to validate controls. Findings are tracked to remediation within defined SLAs.

Infrastructure Safeguards

  • Cloud architecture: Accorbis runs on hardened cloud infrastructure with network segmentation, dedicated access, and defense-in-depth firewalls.
  • Data centers: All production workloads run in Tier III or higher facilities with 24/7 monitoring, redundant power, and biometric access controls.
  • Availability: Clustering, autoscaling, and automated backups protect against hardware failures. Backups are secure at rest and tested for restoration.

Application Security

  • Secure SDLC: Features undergo peer review, automated testing, dependency scanning, and deployment approvals before promotion.
  • Encryption: TLS 1.2+ is enforced for data in transit. Sensitive secrets and configuration values are encrypted using industry-standard key management.
  • Hardening: Managed WordPress stacks use least-privilege roles, rate limiting, and Web Application Firewall (WAF) protections.

Access Controls

  • Employees use strong authentication, hardware security keys, and centralized identity management with conditional access policies.
  • Production access requires documented justification, manager approval, and time-bound credentials.
  • Customers can configure SSO/SAML, MFA, and detailed role-based permissions within Accorbis to limit user scope.

Monitoring and Incident Response

  • Centralized logging, SIEM correlation, and automated alerts detect anomalous activity across infrastructure, application, and CMS connectors.
  • On-call engineers review alerts 24/7 and can isolate components or revoke credentials within minutes.
  • Customers receive timely communication via their designated contacts if an incident could affect their data.

Customer Responsibilities

  • Assign administrators who will review permissions regularly and remove unused accounts.
  • Configure encryption, retention, and logging features according to institutional requirements.
  • Report suspected vulnerabilities or incidents to info@accorbis.com so we can coordinate response.

For detailed documentation, data handling questionnaires, or security addenda, contact your account team or email info@accorbis.com.