Security

• The Expere Database is encrypted using Transparent Data Encryption Advanced Encryption Standard-256.
• Data is encrypted in transit and at rest for all data classified as sensitive in accordance with WK data classification standard. TLS 1.2 is utilized for session encryption.
• Each customer has a unique account identifier which protects the confidentiality of each customer's data. The unique identifier must be passed with every API call.
• Wolters Kluwer has implemented a three-tiered information security management structure to facilitate the security functions of management, architecture, and operations. Members of the different tiers include, CEOs, Legal, Internal Audit, Internal Controls, the Global Information Security team, and risk Management. In addition, a Security Advisor has been designated for each division to support and facilitate business specific security requirements and continued improvement of the overall security program. Additionally, an incident response team is in place and available at all times so incidents can be assigned to an individual or a team, depending on the incident.
• Wolters Kluwer infrastructure is scanned for exploitable vulnerabilities. Software inventories are reviewed periodically for inappropriate software.
• Data Retention
  • Customers decide how long to retain their Expere data
  • Data retention is configurable
  • 7 days is the default