TechIDManager Trust Center

Ruffian Software is dedicated to delivering the most secure and traceable credential management platform tailored to the needs of managed service providers (MSPs) through the use of TechIDManager. By prioritizing security and traceability, TechIDManager aims to provide a robust solution that safeguards sensitive information and streamlines credential management for MSPs.

FAQ

 Can TechIDManager staff view my passwords?

No. TechIDManager uses Zero-Visibility storage for all credentials. This means the private keys needed to decrypt a set of credentials only exist on the tech’s computer who owns the account. TechIDManager staff never has access to these keys and thus can’t decrypt any of your passwords. 

Can TechIDManager staff log into my tenant?

No. Both technically and by security policy, TechIDManager staff do not have access to any tenants, servers, or machines running TechIDManager software. 

Is TechIDManager CMMC compliant?

Ruffian Software’s TechIDManager is a product that can be used by entities that are required to be CMMC compliant by utilizing the self hosted version of TechIDManager.

Ruffian Software has obtained a SAM number to assist in support of CMMC compliance for our partners.

If you have unanswered questions, please contact us at Support@TechIDManager.com

Control Status
Infrastructure Security

Unique production database authentication enforced

The company requires unique user, MFA, and firewall access limited per person to access our production servers

Unique account authentication enforced

The company requires unique user, MFA, and firewall access limited per person to access our production servers. SSH keys unique per user are used by some; our system requires unique access.

Production database access restricted

The company restricts privileged access to databases to authorized users with a business need.

Production network access restricted

The company restricts privileged access to databases to authorized users with a business need.

Unique network system authentication enforced

The company requires unique user, MFA, and firewall access limited per person to access our production servers

Product Security

Data encryption utilized

The company’s datastores housing customer data is always encrypted and asymmetric encryption use ensures that Ruffian Software personnel never have access to stored credentials. .

Internal Security

Insurance maintained

The company maintains general liability insurance.

Development lifecycle established

The company has a formal systems development life cycle (SDLC) methodology in place that governs the development, acquisition, implementation, changes (including emergency changes), and maintenance of information systems and related technology requirements.

SOC 2 – System Description

In Progress

System changes externally

The company notifies customers of critical system changes that may affect their processing

Organization structure documented

The company maintains an organizational chart that describes the organizational structure and reporting lines.

Service description communicated

The company provides a description of its products and services to internal and external users.

Risks assessments performed

The company’s risk assessments are performed at least annually. As part of this process, threats and changes (environmental, regulatory, and technological) to service commitments are identified and the risks are formally assessed. The risk assessment includes a consideration of the potential for fraud and how fraud may impact the achievement of objectives.

System changes communicated

The company communicates system changes to authorized internal users

Support system available

The company has an external-facing support system in place that allows users to report system information on failures, incidents, concerns, and other complaints to appropriate personnel.

External support resources available

The company provides guidelines and technical support resources relating to system operations to customers.

Subprocessor

AWS

Infrastructure hosting

IONOS

Backup storage