We will also make sure to comply with all international regulations to help protect your organization from unethical behavior and have working frameworks for governance, business IT management and information security.
We are fully aligned to international frameworks and standards for governance and cybersecurity such as ISO 27001, COBIT 5 and the NIST Cybersecurity Framework.
Key Features of our data security protocol:
EthicsGlobal Ethical Reporting System implements logical security and social engineering mechanisms to guarantee the safe storage and exchange of information.
Information encrypted via SSL certificate.
Our systems are constantly checking for anti-malware / anti-virus updates 24/7.
Monthly penetration testing
Our infrastructure provides DDoS mitigation techniques, including TCP SYN cookies and limiting the connection speed.
Protection against brute force attacks and unauthorized access
Multiple ways to block user accounts when attempts to obtain unauthorized access are registered.
Datacenters with certifications in evaluation and compliance
The physical infrastructure on which EthicsGlobal Ethical Reporting System operates is hosted and managed in Amazon's secure datacenters. We use the technology of Amazon Web Services to create a secure, scalable and highly available environment within a Virtual Private Network (VPN) designed by AWS Certified Solutions Architects.
The Amazon datacenters have the following certifications:
SOC 1 and SOC 2 / SSAE 16 / ISAE 3402 (Formerly SAS 70 Type II)
Disaster recovery plans
We have several disaster recovery plans with which we guarantee the continuity of business in case of eventualities of any kind, with short recovery times (RTO).
We use the elasticity of the cloud to create a high-availability environment designed for potential workload failures.
Software as a Service (SaaS)
Our Ethical Reporting System allows us to quickly manage the configuration of each client's user environment, as well as the multi-tenant architecture that isolates the information of each system in independent databases with a unique encryption, providing maximum security and confidence in the security of information.
Secure access controls
Passwords are neither stored nor accessible to outsiders.
We have a centralized system of data access exchange, with a single general administrator controlling all staff access.
We use corporate policies for user management: expiration of passwords, password history, password complexity, etc.
We provide full compliance with the highest standards of data protection, security and privacy regulations at a national and international level, e.g.: COBIT 5, NIST, ISO 27001, Sarbanes-Oxley Act [USA], False Claims Act [USA], Dodd-Frank Act [USA], Clauses for EU, FERPA, GLBA, HIPAA, HITECH, IRS 1075, ITAR, My Number Law [Japan], DPA United Kingdom – 1988, VPAT/Section 508, EU Data Protection Policies, Privacy Law [Australia], Privacy Law [New Zealand], PDPA – 2010 [Malaysia], PDPA – 2012 [Singapore], PIPEDA [Canada] and Spanish Protection Law, among others.