Digital Business Technology Pvt Ltd, the company behind WhistleSentinel, shows commitment to data protection and minimize the security risks with ISO/IEC 27001 certification. The international standard for an information security management system. This confirms that we handle data security correctly and it is always a part of development.
1. Data Encryption: All data, both in transit and at rest, is encrypted. This includes reports, attachments, communication, and any stored data within the system.
2. End-to-End Encryption: Implemented end-to-end encryption for communications between whistleblowers and investigators to prevent unauthorized access to the content.
1. Role-Based Access: Implemented role-based access control to restrict system access based on users' roles and responsibilities.
2. Authentication: Strong authentication methods for accessing the system, such as two-factor authentication (2FA), to prevent unauthorized access.
1. High Availability: We uses properly provisioned, redundant servers (e.g., load balancers, web servers, replica databases) in the case of failure.
2. Business Continuity: We keeps daily encrypted backups of data in multiple zones on AWS platform.
3. Disaster Recovery: In the event of a region-wide outage, We will bring up a duplicate environment in a different AWS Platform region.
1. We conduct regular security assessments, vulnerability scans, and penetration testing to identify and address potential security weaknesses.
2. We perform independent security audits to ensure the system meets or exceeds industry standards and regulations.
1. We ensure compliance with applicable data protection laws and regulations, such as GDPR (General Data Protection Regulation) in Europe and relevant privacy laws in other regions.
1. Our employees undergo background checks before employment and are trained on security practices during company onboarding and on an annual basis.
2. Authentication: Strong authentication methods for accessing the system, such as two-factor authentication (2FA), to prevent unauthorized access.