Advanced Features
We take security seriously.
We apply enterprise-grade security practices throughout our technology infrastructure and business processes.
Secure data encryption
We use 256-bit encryption for all data in transit. All connections are protected using TLS 1.3 with a AES 256-bit symmetric encryption and 2048-bit authenticated key agreement.
Data is also encrypted at rest in the same way and we rotate volume keys on a regular basis using a key management system, meaning your data is never available in plain text.
We regularly test our network and verify our supported cipher suites with external audits, the results of which are publicly available.
Access control
We allow clients to control access to their workflow with advanced user role-based permissions.
Clients are able to match permissions to job functions based on the Principle of Least Privilege (PoLP), ensuring best practice for high value data and assets.
All user passwords are also masked with a separate salt and encrypted with bcrypt, along with have enforced minimums for length and complexity.
Guaranteed GDPR compliance
All our systems and processes are GDPR compliant, in accordance with our privacy agreement.
We also offer best in class data processing agreements for all clients, and have back to back DPAs with all our suppliers ensuring complete compliance with both UK and EU MAR across the supply chain.
Industry leading certification.
We only use AWS data centres, which are ISO 27001 Certified and offer Service Organization Control (SOC) Reports 2, and multiple other industry standard certifications.
AWS security measures include data segmentation, firewalls, intrusion detection, electronic key cards, pin codes, biometric hand scans, and on-site security officers 24 hours a day, 365 days a year.
All our systems, processes, and controls have Cyber Essentials Certification, backed by the National Cyber Security Centre.
Application Security.
InsiderList is designed with security first. We employ a comprehensive Information Security Management System (ISMS) ensuring first class industry standards
Development best practice
All the code produced for our core services follows OWASP guidelines and recommendations, preventing common security issues such as cross site scripting (XSS) or SQL injections.
Change management
Every code change is signed, tracked in a versioning system and covered by a change management policy, which requires peer code review. Similarly, publishing rights are limited to a small group of maintainers.
Vulnerability scanning
We scan for vulnerabilities and actively monitor for new threats. We use static code analyser tools and software dependency scanners to detect issues and vulnerabilities.
Logging and Monitoring
All of our services are actively monitored and logged. We review alerts from these systems as well as application logs on a regular basis to look for unusual or suspicious activity.
Business Continuity and Disaster Recovery
InsiderList was created with the goal of disaster recovery in mind. Our infrastructure and data are distributed across multiple availability zones and will continue to function if any of those data centres fails.
Incident Response
We have a procedure in place for dealing with information security incidents that includes escalation procedures, rapid mitigation, and communication.
Advanced Security
Organisational Security
We are dedicated to improving our security through continuous review.
Penetration testing
We perform an independent third-party penetration test annually to ensure that the security of our services is uncompromised.
24/7 monitoring
We continuously monitor our security and compliance status to ensure there are no lapses.
Information security
Our information security program is a core part of our operations and follows criteria in line with ISO 27001 and SOC2.
Roles & responsibilities
We provision all roles and responsibilities on a principal of least privilege, ensuring individuals are only given access required to complete specific tasks.
Security awareness training
Our team members are required to go through employee security awareness training covering industry standard practices and information security topics such as phishing and password management.
Compliance management
We maintain a robust compliance program to ensure adherence to relevant industry standards and regulations, conducting regular audits and assessments.
Download our Security Whitepaper.
Please download our security documentation if you want more information about our security or want to share it with others.
Download