• Deliverability, Scalability and Reliability
• Security
• Associations & Accreditations
• Privacy Policy
• End User Terms of Service
• Acceptable Use Policy ("AUP")
• Eloqua.com Terms & Conditions
• System Status

Security

Protection and availability of our customers’ data is critical. This is why we have made significant invests in essential infrastructure, tools and processes. But simply making these investments is not enough – we have engaged independent firms to perform important validations and certifications to provide comfort to both Eloqua and our customers. Our SSAE16 SOC1 and SOC2 audits have allowed many of our customers, especially those who need to comply with the Sarbanes-Oxley Act of 2002, to immediately satisfy the demanding standards of their Finance and/or IT departments

Certification and Accreditations

• Certified Information Privacy Professional (CIPP)
  • Preeminent credential in the field of privacy/security polices
• SSAE16 SOC1 and SOC2  audits
  • First and only marketing automation provider to achieve this
• Eloqua data center at Verizon
  • First marketing automation provider to earn TRUSTe certification
  • European Union and Swiss Safe Harbor Framework Certified

Secure data centers

Our service is collocated at a carrier class data center. These facilities provide:

Access control and physical security

• 24-hour manned security, including foot patrols and perimeter inspections
• Biometric scanning and Electronic Keys required for access
• Dedicated concrete-walled Data Center rooms
• Computing equipment in access-controlled steel cages
• Video surveillance throughout facility and perimeter
• Building engineered for local seismic, storm, and flood risks
• Tracking of asset removal

Environmental controls

• Humidity and temperature control
• Redundant (N+1) cooling system

Power

• Redundant UPS systems
• Redundant power distribution units (PDUs)
• Redundant diesel generators with redundant fuel supply and multiple fuel supply contracts.

Network

• Diverse fiber paths into the building
• Redundant internal networks
• Hosted on the Tier 1 Verizon network
• Redundant gigabit links into our cage
• Full redundancy on all core network equipment: switches, firewalls, server network interfaces and load-balancers

Fire detection and suppression

• FM200 Gas Fire suppression system backed by a pre-action dry pipe water-based system

Secure transmission and sessions

• Connection to our environment is via SSL 3.0/TLS 1.0, using Extended Validation certificates from Verisign, ensuring that our users have a secure connection from their browsers to our service
• Individual user sessions are identified and re-verified with each transaction, using a unique token created at login
• Security parameters can be customized to suit each customer’s password polices.
• Can restrict login by IP address

Network protection

• Redundant perimeter firewalls and edge routers block unused protocols
• Internal access control lists segregate traffic between the application and database tiers

Backups

• Data is backed up several times per day to disk
• Backups are encrypted (AES-256) and copied to tape weekly for offsite storage by Iron Mountain.
• Tapes are overwritten or securely destroyed after the retention period expires.

Application Security

• Each customer’s data is isolated to its own database
• Layered platform separates data and the application
• Audit trail maintained of user actions performed on the system

Internal and Third-party testing and assessments

• Weekly vulnerability scans of our network by Qualys
• Internal QA scanning of application security using third-party tools
• Our Information Security department monitors notification from various sources and alerts from internal systems to identify and manage threats.

Secure Software Development Process

• SSAE16 SOC1 and SOC2 audited processes for development, QA, change management and code promotion.
• Microsoft’s AntiXSS library used to prevent Cross-Site Scripting attacks
• Parameterized queries and stored procedures protect against SQL injection