We take security seriously here at Traction Guest. Every guest, host and admin using our service expects their data to be secure and confidential. We understand how important the responsibility of safeguarding this data is to our customers and work to maintain that trust.
Guest’s security features are designed to provide ease of use, seamless user experience and sophisticated tracking capabilities in an environment that ensures data is kept safe and compliance standards are met.
Traction Guest has strong password requirements in place, and passwords cannot be retrieved, only reset. Traction Guest allows for multiple administrators under the same account, preventing the sharing of passwords between multiple users.
Behavioural data including all visitor inputs, date and time of sign in/out, hosts, and location can be exported to .csv format through the Traction Guest UI. Records can also be searched and filtered in the UI itself.
Traction Guest’s iPad app is designed to retain data in the event of a connection loss, and will sync all sign-in data upon reconnection. Guests can still sign in on the iPad when it’s offline. Traction Guest supports Guided Access mode to prevent visitors from tampering with the iPad.
Legal documents signed in DocuSign through Traction Guest are stored in the DocuSign account and can be automatically forwarded to any e-mail address if chosen. If required, all data from a customer’s account can be exported and provided to the customer upon special request.
ITAR | The International Traffic in Arms Regulations and the Export Administration Regulations (EAR) are two important United States export control laws that affect the manufacturing, sales and distribution of technology.
ITAR requires knowledge of your visitor’s country of residence (US or other). Traction Guest allows you to ask your visitors this question and give them a custom experience based on their nation of residence. Specific documents, notifications to hosts, and follow up questions can be used for international visitors while allowing your US visitors to bypass additional requirements.
PCI DSS | The Payment Card Industry Data Security Standard is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.
Part of the PCI Compliance standard is control of physical access to your facility (requirement 9). To comply with this requirement, merchants must restrict access to protected areas (ie. your office) and know the difference between customers, staff, and other potential attackers. Traction Guest allows you to ask your visitors their reason for visiting and produce a custom visitor badge including their reason for visiting, allowing you to visually identify different types of people in your facility.
Traction Guest is built on Salesforce’s Heroku Cloud Application Platform. Heroku applies security best practices, manages platform security, and is designed to protect customers from threats by applying security controls at every layer (physical to application).
Traction Guest and its data are completely isolated and receive rapidly deployed security updates without customer interaction or service interruption.
While running on the Heroku platform, Traction Guest functions within its own insulated environment. This restrictive design prevents security and stability issues by isolating processes, memory, and the file system using LXC. Host-based firewalls restrict applications from establishing local network connections.
Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes Amazon Web Service’s (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.
Amazon’s data center operations have been accredited under:
Support Issue Priority and Timelines
First response target within 15 min.
Fatal Issues that result in a customer’s inability to fulfill critial business functions that have no reasonable work around.
First response target within 1 hour.
Serious issues significantly impacting use of Traction products.
First response target within 1 business day.
All other issues, eg. how-to questions, reporting issues.
Our Development Policy
Updates with new functionality are released on a regular basis. As the service is cloud-based, upgrades do not require involvement from customers aside from upgrading the Traction Guest iPad app (if automatic updates are disabled on the iPad). Our development team uses a standardized development process to ensure all changes are made securely and reliably, with a focus on quality.
1 All changes begin with a pull request from a local development branch to a QA environment.
2 Before changes are merged into a QA environment, a code review is done by a senior developer.
3 The change is then tested in QA, and another run of testing in UAT.
4 Code is finally pushed from UAT to production. All code migrations occur across SSL.
New releases including new functionality are typically available once a month or more. Releases include documentation, ie. release notes including videos to showcase new functionality to all customers.
Traction employees all undergo background criminal checks and sign a NDA upon hire. We do not use consultants/contractors. Traction Guest employees do not have access to customer data, it must be granted by customers.
The ROI of Visitor Management Systems
Understand the trends in visitor management. Participate in our market research and be the first to receive the results of our study.