At Inspectorio, data and cybersecurity have the utmost priority.
- Inspectorio has a dedicated security team to develop/maintain industry-recognized security initiatives
- Inspectorio has an ISMS in place to always keep an eye on all of its assets.
- Inspectorio meets the most extensive compliance standards
- Inspectorio's platform and infrastructure undergo routine independent pen-tests and are covered by a public Vulnerability Disclosure Program
Technical, administrative, physical and organizational measures
Information Security Management System
Inspectorio has deployed an ISMS to manage security professionally. Inspectorio’s ISMS has been audited by an independent, external auditor to achieve ISO/IEC 27001:2013 certification. ISO/IEC 27001:2013 is an international standard that specifies the requirements for establishing, implementing, maintaining and continually improving an ISMS. The ISO standard demands the utilization of best practices for the assessment and treatment of information security risks. Having already attained ISO/IEC 27001:2013 certification, we continue to undergo routine external audits to ensure our security standards remain on par with our ISO certification.
Inspectorio hosts its Service with Amazon Web Services in the Tokyo region. Inspectorio relies on contractual agreements, privacy policies and vendor compliance programs in order to protect data processed or stored by AWS.
The physical and environmental security controls are audited for SOC 2 Type II and ISO 27001 compliance, among other certifications.
Confidentiality, Integrity and Availability
Personal Data remains confidential throughout processing and remains intact, complete and current during processing activities. Personal Data is protected from accidental destruction or loss, and there is timely access, restoration or availability to Personal Data in the event of an incident.
Inspectorio maintains an up-to-date incident response plan that includes responsibilities, how information security events are assessed and classified as incidents, and response plans and procedures. Inspectorio logs administrator and user activities at the production data center to provide evidence in the event of an incident.
Certifications and Accreditations
Inspectorio has achieved ISO 27001:2013 certification covering all of its assets, including infrastructure, data centers, services to its customers and team members.
- Published by the International Organization for Standardization (ISO), the ISO 27001 standard is used worldwide by governments and organizations to indicate that data security is properly implemented throughout an entity.
- The ISO 27001 standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS).
- For companies that use cloud-based software, one way to ensure that data is as safe as possible is to only use software-as-a-service (SaaS) from a provider who is certified according to an Information Security standard.
- Inspectorio is the only quality and compliance provider to undertake the rigorous and exhaustive requirements set out by the ISO.
Operations and Access Control
Inspectorio data processing systems are used only by approved, authenticated users.
- Access to Inspectorio internal systems is granted only to Inspectorio Personnel and/or to permitted employees of Inspectorio’s subcontractors and access is strictly limited as required for those persons to fulfil their function.
- Inspectorio has established a password policy that prohibits the sharing of passwords and requires default passwords to be altered. All passwords must fulfil defined minimum requirements and are stored in encrypted form. Each computer is password protected.
- A second factor of authentication is required for access to online systems containing Inspectorio source code or infrastructure assets.
- Inspectorio has a thorough procedure to deactivate users and their access when a user leaves the company or a function.
- For Customer access to the system, Inspectorio implemented a uniform password policy for its customer products. End users who interact with the products via the user interface must authenticate before accessing customer data.
- Application Programming Interface (API) access: Private product APIs may be accessed using an API token.
Persons entitled to use data processing systems gain access only to the Personal Data that they are authorized to access.
- Personnel training covers access rights to and general guidelines on definition and use of Personal Data.
- Where appropriate and practical, Inspectorio employs data minimization and pseudonymizing to reduce the likelihood of inappropriate access to Personal Data.
- The production environment for the SaaS Service is separate from the development and testing environment, and development Personnel do not have access to the production environment.
- Inspectorio uses up-to-date anti-malware software on all appropriate computers.
Our approach to cyber security is a reflection of our values at Inspectorio…. We believe that it is not only a matter of respect to guarantee the safety and security of our customers’ data, but it is a matter of necessity. With this certification and other proactive measures, we set a new standard for the inspection industry and draw attention to cyber security – an important and increasingly complex issue.
– Carlos Moncayo