SSL / TLS 1.3
We use 256-bit encryption for all data in transit. All connections are protected using TLS 1.3 with AES 256-bit symmetric encryption and 2048-bit authenticated key agreement.
Data is also encrypted at rest in the same way and we rotate volume keys on a regular basis using a key management system, meaning your data is never available in plain text.
We regularly test our network and verify our supported cipher suites with external audits, the results of which are publicly available.
We allow clients to control access to their workflow with advanced user role-based permissions.
Clients are able to match permissions to job functions based on the Principle of Least Privilege (PoLP), ensuring best practice for high-value data and assets.
All user passwords are also protected with a separate salt and hashed with bcrypt, and have enforced minimums for length and complexity.
We only use AWS data centres, which are ISO 27001 certified and offer Service Organization Control (SOC) 2 reports and multiple other industry-standard certifications.
AWS security measures include data segmentation, firewalls, intrusion detection, electronic key cards, pin codes, biometric hand scans, and on-site security officers 24 hours a day, 365 days a year.
All our systems and processes are GDPR compliant, in accordance with our privacy agreement.
We also offer best-in-class data processing agreements for all clients, and have back-to-back DPAs with all our suppliers, ensuring complete compliance with both UK and EU MAR across the supply chain.
InsiderList is designed with security first. We employ a comprehensive Information Security Management System (ISMS), ensuring first-class industry standards.
All the code produced for our core services adheres to OWASP guidelines and recommendations, preventing common security issues such as cross-site scripting (XSS) or SQL injection.
Every code change is signed, tracked in a versioning system and covered by a change management policy, which requires code review by a maintainer. Similarly, publishing rights are limited to a small group of maintainers.
We scan for vulnerabilities and actively monitor for new threats. We use static code analyser tools and software dependency scanners to detect issues and vulnerabilities.
All of our services are actively monitored and logged. An intrusion detection system (IDS) is used to detect and notify us of unauthorized server access. We review alerts from these systems as well as application logs on a regular basis to look for unusual or suspicious activity.
InsiderList was created with the goal of disaster recovery in mind. Our infrastructure and data are distributed across multiple availability zones and will continue to function if any of those data centres fails.
We have a procedure in place for dealing with information security incidents that includes escalation procedures, rapid mitigation, and communication.
We are dedicated to improving our security through continuous review.
We perform an independent third-party penetration test annually to ensure that the security of our services is uncompromised.
We continuously monitor our security and compliance status to ensure there are no lapses.
We provision all roles and responsibilities on the principle of least privilege, ensuring individuals are only given the access required to complete specific tasks.
Our information security program is a core part of our operations and follows criteria set forth by ISO 27001 and SOC 2.
Our team members are required to go through employee security awareness training covering industry-standard practices and information security topics such as phishing and password management.
Our organization undergoes independent third-party assessments to test our security controls, which are available on request.
We continuously monitor our systems to improve performance and security. If you have found a vulnerability in our systems or service, we want to hear from you.
Please download our security documentation if you want more information about our security or want to share it with others.