Ruffian Software is dedicated to delivering the most secure and traceable credential management platform tailored to the needs of managed service providers (MSPs) through the use of TechIDManager. By prioritizing security and traceability, TechIDManager aims to provide a robust solution that safeguards sensitive information and streamlines credential management for MSPs.
FAQ | |
Can TechIDManager staff view my passwords? No. TechIDManager uses Zero-Visibility storage for all credentials. This means the private keys needed to decrypt a set of credentials only exist on the tech’s computer who owns the account. TechIDManager staff never has access to these keys and thus can’t decrypt any of your passwords. |
|
Can TechIDManager staff log into my tenant? No. Both technically and by security policy, TechIDManager staff do not have access to any tenants, servers, or machines running TechIDManager software. |
|
Is TechIDManager CMMC compliant? Ruffian Software’s TechIDManager is a product that can be used by entities that are required to be CMMC compliant by utilizing the self hosted version of TechIDManager. Ruffian Software has obtained a SAM number to assist in support of CMMC compliance for our partners. |
|
If you have unanswered questions, please contact us at Support@TechIDManager.com |
Control | Status |
Infrastructure Security |
|
Unique production database authentication enforced The company requires unique user, MFA, and firewall access limited per person to access our production servers |
|
Unique account authentication enforced The company requires unique user, MFA, and firewall access limited per person to access our production servers. SSH keys unique per user are used by some; our system requires unique access. |
|
Production database access restricted The company restricts privileged access to databases to authorized users with a business need. |
|
Production network access restricted The company restricts privileged access to databases to authorized users with a business need. |
|
Unique network system authentication enforced The company requires unique user, MFA, and firewall access limited per person to access our production servers |
|
Product Security |
|
Data encryption utilized The company’s datastores housing customer data is always encrypted and asymmetric encryption use ensures that Ruffian Software personnel never have access to stored credentials. . |
|
Internal Security |
|
Insurance maintained The company maintains general liability insurance. |
|
Development lifecycle established The company has a formal systems development life cycle (SDLC) methodology in place that governs the development, acquisition, implementation, changes (including emergency changes), and maintenance of information systems and related technology requirements. |
|
SOC 2 – System Description In Progress |
|
System changes externally The company notifies customers of critical system changes that may affect their processing |
|
Organization structure documented The company maintains an organizational chart that describes the organizational structure and reporting lines. |
|
Service description communicated The company provides a description of its products and services to internal and external users. |
|
Risks assessments performed The company’s risk assessments are performed at least annually. As part of this process, threats and changes (environmental, regulatory, and technological) to service commitments are identified and the risks are formally assessed. The risk assessment includes a consideration of the potential for fraud and how fraud may impact the achievement of objectives. |
|
System changes communicated The company communicates system changes to authorized internal users |
|
Support system available The company has an external-facing support system in place that allows users to report system information on failures, incidents, concerns, and other complaints to appropriate personnel. |
|
External support resources available The company provides guidelines and technical support resources relating to system operations to customers. |
|
Subprocessor |
|
AWS Infrastructure hosting |
|
IONOS Backup storage |