Security is a top priority for SmartLPA, and that is because everyone using our service expects their data to be secure, confidential, and available.
We have a team of very talented people constantly working on improving our data security, implementing state-of-the-art practices into our product, infrastructure, and processes.
Our Integrated Management System (IMS) is certified under the global standard ISO/IEC 27001:2013 for Information Security Management Systems (ISMS).
Information Security Policy and Business Continuity
Our Information Security and Business Continuity Policy consists of developing and maintain a culture of secure handling of information, both internal and our customers’.
We constantly strive to comply with international standards and our customers’ expectations with regards to information confidentiality, availability and integrity. We handle personal information according to our contractual obligations and applicable legislation.
We have controls and procedures to guarantee the security of the information that our customers have entrusted through our cloud services.
We take actions to always ensure the continuity of our services under any eventuality.A constant training allows us to identify and mitigate risks, as well as to continuously improve our operation in pursuit of excellence.
DD-01 Rev. B 31/May/2019
Our Security Practices
Data and information
- Encryption.
Your data is only stored in the production environment, fully encrypted at rest. All network communications are encrypted with TLS 1.2. - Backups.
Our backup policy requires incremental backups every few minutes to off-site premises to ensure your data is always available. - Passwords.
Passwords are stored hashed securely with SHA512.
Infrastructure
- Cloud Provider.
Our cloud provider is Microsoft Azure. We use Azure Security Center to setup firewall rules, intrusion detection, and other tools. - Server Patches and Updates.
Our server updates are handled automatically every day. - Real-Time Monitoring.
We scan our infrastructure and applications periodically to detect vulnerabilities. We use Azure Security Center monitoring to detect any unusual traffic. - Logging.
We log every action performed in the application, and in the infrastructure. - Redundancy and High Availability.
We use Azure Availability Sets to make sure SmartLPA meets the availability levels you expect. - Business Continuity.
We have disaster recovery and continuity plans which we test at least twice per year. - Incident Management.
Security and confidentiality incidents will be resolved in accordance to our established policy.
Data and information
- Need to know.
Our Access Control Policy is governed by a need-to-know principle. An employee will only have access to data which is required to perform their job. - Secure Access.
Employees that require privileged access login though a Virtual Private Network (VPN) to ensure confidentiality. - Multi-Factor Authentication.
Any privileged access requires MFA. - Confidentiality.
We sign confidentiality agreements with all employees. - Security Training.
All SmartLPA team members undergo periodic training in Information Security and Secure Development Practices.
Vendors
- All our vendors are exhaustively audited to ensure they meet our highest security and compliance standards.
- We keep a list of data subprocesses up to date, which is available upon request.
Start Now
Contact us to schedule a free, no-obligation 30-minute demo and see all that SmartLPA can do.
Schedule a Free DemoOr better yet, request a free, no‑obligation, 30-day trial to live the SmartLPA experience
A product of:
