World-class Security
Security
With Luminance responsible for processing and storing confidential client information, we place great importance on maintaining the highest level of security in our products.
We have implemented international security standards and best practices at every layer of the company. From our design and development practices, to partnerships, to staff culture and training, protecting our customers’ data is of utmost importance.
Customers can be assured that they are provided with a robust, reliable and highly secure solution, whether hosted within a virtual cloud environment or deployed within their own environment.
World-Class Security
Luminance places the utmost value on security to ensure customer data is protected at all costs.
Key provisions in place include:
ISO 27001 and SOC 2 Certifications
AWS Hosting Environments
World-Leading Security Advisory Board
Security Advisory Board
Information security and the confidentiality of client data are of the utmost importance to Luminance. Our security principles are overseen by world-leading experts in cyber security technology and nation state-level security.
Jonathan Evans
Jack Stockdale
David Palmer
Frequently Asked Questions
We understand that the security of your data is paramount. That’s why we’ve compiled answers to some of the most frequently asked questions about our security practices.
Luminance uses Amazon Web Services (AWS) environments to host your data in a managed, segregated, and secure virtual cloud. Each customer receives a dedicated single-tenant instance, ensuring complete isolation and no co-mingling of data. Our use of AWS allows for full encryption of data both at rest and in transit, applying strong multi-factor encryption standards. AWS’s global infrastructure adheres to rigorous security compliance standards, providing a robust and reliable solution tailored to geographic requirements. Additionally, Luminance complies with various certifications like ISO 27001, assuring adherence to international security standards.
Luminance is certified to ISO 27001:2013, reflecting our commitment to maintaining an effective Information Security Management System. Our certification is complemented by successful completion of a SOC 2 Type 2 examination, which assesses our controls related to security, availability, and confidentiality. Our security measures are further validated through regular penetration testing conducted by independent third parties, ensuring continuous improvement and adherence to best practices.
Access to your data within the Luminance platform is strictly controlled using application-level permissions configured by you, the customer. Our systems employ strong authentication methods, including multi-factor authentication (MFA), ensuring employees only have the necessary permissions to perform their roles. Luminance staff cannot view your documents without your explicit authorization, given through the user interface. All access is tracked and audited to maintain accountability and prevent unauthorized access.
Data security is a priority at Luminance, with encryption employed for data both at rest and in transit. We use AWS Key Management Service to encrypt data at the S3 storage level and on EC2 compute resources, using 256-bit AES keys for utmost security. Data transmitted through the platform is encrypted using TLS 1.2 or higher, ensuring secure connections with AES-128 or stronger encryption. Master encryption keys are rotated regularly to maintain security integrity.
Luminance deploys Darktrace’s Enterprise Immune System, an AI-based threat detection solution, across our environments to identify and respond to anomalies. Additionally, we use industry-leading Juniper firewalls and rate-limiting techniques to defend against denial-of-service and brute force attacks. Our incident management process, informed by cutting-edge threat analysis, enables swift detection, mitigation, and communication in the event of potential security incidents. Security training is mandatory for all personnel, reinforcing a culture of vigilance.
Within the Luminance application, customers can configure user permissions based on roles, following the principle of least privilege. The application provides division-level permissions, allowing administrators to grant or restrict access to specific users or groups. Password policies are stringent, requiring complex passwords and inactive session timeouts, configurable by each customer. Customers hold complete control over user permissions, maximizing security and adaptability to organizational needs.
Luminance maintains a comprehensive Business Continuity Plan that includes frequent data backups and robust disaster recovery protocols. Each customer instance is automatically backed up nightly to a secondary AWS data center within the same region, ensuring data durability and integrity. Backup data is encrypted and kept for a minimum of 14 days. Our backup and restore procedures are aligned with industry standards, ensuring minimal disruption and swift recovery in the unlikely event of a data-center failure.