Wisetail Technical and Organizational Measures

Information Security

We are committed to information security and privacy. We have appropriate technical and organizational measures designed to protect our customer data against unauthorized access, modification, or deletion. We believe employee competence is key to protecting our customer data. Employees are required to complete security training and acknowledge our Acceptable Use & Information Security Policies when they start, and at least annually. Employees who handle personal information are required to complete additional requirements appropriate to their roles and responsibilities.

Infrastructure

We leverage Amazon Web Services’ (AWS) expertise in data center and infrastructure management. Our infrastructure is secured and segmented per best practices. Content is stored in Amazon S3 and delivered through the Amazon CloudFront content delivery network. We use Amazon database services and maintain remote database backups in physically separate data centers. For a complete overview of Amazon Web Services security practices and regulatory compliance information, please see the following:

Monitoring

System Level

We monitor server statistics such as CPU, memory, disk, and network utilization. We also monitor database metrics including requests, response times, hot indices, lock contention, and slow queries.

Application

We monitor the performance of our application, so we have visibility into page load times, API response times, error rates, and slow transactions.

Availability

Several systems alert us to system-wide incidents. Incidents are escalated to our on-call team.

Backups and Disaster Recovery

We have designed a Disaster Recovery Plan to respond to critical events, and we test it regularly, at least annually. Additionally, we maintain backups of our databases in separate physical data centers.

Vulnerability Management

We utilize tools to continuously analyze software packages and report on vulnerabilities so that we know if we have a system with vulnerable software on it. Our application is regularly scanned with web application vulnerability scanning software.

Data Access

Remote access to all production resources occurs via a restricted network. All access to our production resources occurs over a VPN (Virtual Private Network) connection.

Administrative access to production systems is logged and audited. We maintain audit logs of all user activity on our application servers.

We log all API and console access to AWS resources. AWS access is controlled: each person able to log in is granted an explicit set of rights necessary to do what they need to, and no more.

Supplier Management

Wisetail has a process to review all suppliers utilized for operations or within product functionality. The Information Security Team conducts risk assessments on each vendor, appropriate to the sensitivity and level of access to resources.