From time to time, companies ask us security questions about Easytoinspect. In general, we don’t like to expose much information about our security practices, because it only helps the very people we’re securing ourselves against. But we realize security is very important to you, so we’ve decided to carefully document some answers to the questions we feel are most important for our customers to know.
When you use our Easytoinspect inspection platform, your information is protected using both server authentication and data encryption via SSL (Secure Sockets Layer) technology. Perimeter router and firewall policies are configured to allow only intended services. CSRF security measures have been implemented to prevent cross-site scripting attacks.
Protecting, managing access to, and securing communication of customer data are critical aspects of our Easytoinspect service. Some of the key measures utilized by our service include the security standard of least privilege, role-based access controls, and unique security credentials.
User authentication is implemented. Each user in your organization is provided with a unique user name and password that must be entered each time the user logs on. The account passwords are encrypted. Our staff can’t even view them. If a user loses his/her password, it can’t be retrieved; a reset is required.
All mobile devices also require a user name and password before they can log on. All mobile devices communicate via SSL.
User profiles are unique and, in the case of a multi-user account, are securely and uniquely linked to the master user.
Access to data is secured through application security that restricts access by user profile. User data is stored using unique identifiers for each report. The identifier is made using the unique key of the user profile of the current user (and linked to the corresponding multi-user account). This ensures that reports are always unique and, more importantly, can only be found within the scope of the linked user profile. Unique identifiers are based on a strong 24-digit key and the unique user profile key, which is also strong.
We have implemented measures to protect customer data on our platform from accidental destruction or loss. These measures include redundant systems across servicing components, load balancing for transparent routing in case of component failure, and backup data stored in redundant locations using encrypted connections.
Our application is hosted in a secure data center which deploys the latest technologies to prevent interference or access from outside intruders. The data center is a TIER3+ center that is ISO 9001 and ISO 27001 certified. The data center is equipped with various security measures designed for a high level of reliability and security. These measures include:
- ISO 27001 Certification
- Multiple power supply feeds
- Uninterruptible Power Supply (UPS) system
- Backup power generator
- 24×365 onsite staff
- Alarm system
- Equipment installed in locked cabinets/cages with restricted access
- Access to data centers is limited to authorized personnel as well as being monitored, logged, and tracked