Follow

How secure is your data with us?

_SOC_CI_UKAS-H-ISO_27001-CMYK.jpg

ISO27017-ISO27018.jpg

Our team treat data protection and security as a top priority. To this end, we are audited and certified for ISO27001 (Information Security), ISO27017 (Cloud Security) and ISO27018 (Data Privacy)

These ISO information security standards includes areas such as:

  • Code of Conduct

  • Data Protection Policy

  • Security Incident Management

  • Plus following ISO-27001 controls
    A.5: Information security policies
    A.6: Organization of information security
    A.7: Human resource security
    A.8: Asset management
    A.9: Access control
    A.10: Cryptography
    A.11: Physical and environmental security
    A.12: Operations security
    A.13: Communications security
    A.14: System acquisition, development and maintenance
    A.15: Supplier relationships

 

Our proactive data security measures include the following.

Software level security:

  • We ensure we run up-to-date software components verified with vulnerability scanners.
  • We apply encryption on all sensitive data (in transit and at rest).
  • Encryption keys are kept on separate host from where data resides.
  • All nodes run on hardened Operating Environments, which consists of custom bare-bone Linux kernels with no extraneous software packages or functions.

Network security:

  • All connections to our Cloud infrastructure is protected with 256-bit SSL/TLS.
  • Industry-standard firewalls guard all network access to our infrastructure. This include real-time packet sniffing software to detect network intrusion, and host-based intrusion detection systems on all operating nodes.
  • Internet-facing nodes are checked with regular penetration testing.
  • All network-level access is logged with real-time alerts on suspicious activity.

Data security:

  • We apply strict internal procedures with regards to data access on our systems and our support personnel have access to data only on a need-to basis.
  • Our support team is trained to counter social engineering by malicious parties.
  • Any data that passes through our service is strictly protected and never divulged to outsiders.
  • We do not sell marketing databases, so there is zero possibility of any conflict of interest.
  • For customers on Basic Plan and higher, your messaging data stays within Singapore and is not routed to any foreign 3rd-party sub-contractor.
  • Entire disk volumes that contain customer data are encrypted.
  • Databases are backed up on real-time basis to a replica, then backed up again nightly, which in turn is backed up again by the underlying storage systems.

Data-Center security:

  • Our servers are hosted with a major Cloud provider which confirms to the MTCS Level 3 standard (Pro Plan customers with a formal SLA can contact us to request for a copy of the certification documents)

Do get in touch with us should you have further questions with regards to your data! 

0 Comments

Article is closed for comments.