This page outlines some of the practices about the way we handle security at ilert. If you have additional questions regarding security, please send us an email at firstname.lastname@example.org.
ilert is operated in a multitenant architecture at both the platform and infrastructure layers that is designed to segregate and restrict a access to the data you and your users make available to ilert based on business needs. The architecture provides a logical data separation for each different customer via a unique ID.
ilert's services are hosted over the Internet on a “Public Cloud”, which are computing services offered by third party providers to anyone who wants to use or purchase them. Like all cloud services, a public cloud service runs on remote servers that a provider manages.
ilert's services undergo security assessments by internal personnel and external security firms who perform regular audits of ilert's services to verify that our security practices are sound and to monitor ilert's services for new vulnerabilities discovered by the security research community. In addition to periodic and targeted audits of ilert's services and features, we also employ the use of continuous hybrid automated scanning of our web platform.
ilert is ISO 27001 certified and ilert's services are hosted in ISO certified data centers.
ilert implements and maintains appropriate technical and organizational measures to protect your Customer Data against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of or access to Customer’s personal data processed or transmitted through ilert's services. ilert's services have a number of security controls, including but not limited to:
For some of the controls, the Customer cannot disable them; others provide customization of ilert's services' security by Customers for their own use. As such, protecting Customer Data is a joint responsibility between the Customer and iLert. At a minimum, iLert will align with prevailing industry standards such as ISO 27001, ISO 27002, and ISO 27018, or any successor or superseding standard.
ilert, or an authorized external entity, will monitor ilert's services for unauthorized intrusions.
Systems used in the provision of ilert's services log information to their respective system log facilities or a centralized logging service (for network systems) in order to enable security reviews and analysis. ilert maintains an extensive centralised logging environment in the production environment which contains information pertaining to security, monitoring, availability, access and other metrics about ilert's services. These logs are analysed for security events via automated monitoring software.
ilert maintains security incident management policies and procedures. iLert notifies impacted customers without undue delay of any unauthorized disclosure of their respective Customer Data by iLert or its agents of which iLert becomes aware to the extent permitted by law. iLert publishes system status information on our status page. ilert typically notifies customers of significant system incidents by email.
ilert's services use industry-accepted encryption products to protect Customer Data (1) during transmissions between a customer's network and ilert's services; and (2) at rest. ilert's services support the latest recommended secure cypher suites and protocols to encrypt all traffic in transit. We monitor the changing cryptographic landscape closely and work promptly to upgrade the service to respond to new cryptographic weaknesses as they are discovered and implement best practices as they evolve. For encryption in transit, we do this while also balancing the need for compatibility with older clients.
We understand that you rely on ilert's services. We’re committed to making ilert's services a highly available service that you can rely on. Our infrastructure runs on systems that are fault-tolerant, for failures of individual servers or even entire data centres. Our operations team tests disaster recovery measures regularly and has a 24-hour on-call team to quickly resolve unexpected incidents. Industry standard best practices for reliability and back-up helped shape the design of ilert's services. ilert performs regular backups, facilitates rollbacks of software and system changes when necessary and replication of data as needed. Where possible, ilert will assist the Customer with data recovery for Major Catastrophic Events, as limited by data residency requirements of the locality and capabilities within the region. “Major Catastrophic Event” means three broad types of occurances: (1) natural events such as floods, hurricanes, tornadoes, earthquakes, and epidemic; (2) technological events such as failures of systems and structures such as pipeline explosions, transportation accidents, utility disruptions, dam failures, and accidental hazardous material releases; and (3) human-caused events such as active assailant attacks, chemical or biological attacks, cyber attacks against data or infrastructure, and sabotage. Major Catastrophic Event does not include bugs, operational issues, or other common software related errors.
Customer Data is stored redundantly in multiple locations in our hosting provider’s data centres to ensure availability. We have well-tested backup and restoration procedures which allow recovery from a major disaster. Customer Data and our source code are automatically backed up every night. The operations team is alerted in the event of a failure in this system. Backups are fully tested at least every 90 days to confirm that our processes and tools work as expected.
ilert will store Customer Data at rest within data centers located in the EU.
Within 30 days post contract termination, customers may request return of their respective Customer Data submitted to ilert's services (to the extent such data has not been deleted by the Customer).
ilert's services provide the option for Account Owners to delete Customer Data at any time during a subscription term. Within 24 hours of workspace Account Owner-initiated deletion, ilert hard deletes all information from currently running production systems. ilert's services backups are destroyed within 30 days.
When a customer terminates a paid subscription, if a customer does not otherwise elect to delete its account, ilert will, within 90 days following the subscription termination, delete, and ensure that all of its applicable third party hosting providers delete, all copies of Customer Data within 30 days after ilert has initiated deletion of the customer's account.
We place strict controls over our employees’ access to Customer Data. The operation of ilert's services requires that some employees have access to the systems which store and process Customer Data. For example, in order to diagnose a problem you are having with ilert's services, we may need to access your Customer Data. These employees are prohibited from using these permissions to view Customer Data unless it is necessary to do so. We have technical controls and audit policies in place to ensure that any access to Customer Data is logged.
All of our employees and contract personnel are bound to our policies regarding Customer Data and we treat these issues as matters of the highest importance within our company.
ilert conducts background checks on all employees before employment, and employees receive privacy and security training during onboarding as well as on an ongoing basis. All employees are required to read and sign our comprehensive information security policy covering the security, availability, and confidentiality of ilert's services.
ilert uses infrastructure provided by subcontractors to host or process Customer Data submitted to ilert's services. Information about security provided by AWS is available from the AWS Security website. Information about security and privacy-related audits and certifications received by AWS, including information on ISO 27001 certification and SOC reports, is available from the AWS Compliance website. Information about security provided by Google Cloud Platform is available from the GCP Security and Compliance website.