Data Protection and Security

We have the most advanced security systems, which are designed to provide your organization with the highest levels of protection and information security, giving you total peace of mind. We ensure compliance with international regulations for data protection and privacy for every whistleblower hotline that we configure.

We will also make sure to comply with all international regulations to help protect your organization from unethical behavior and have working frameworks for governance, business IT management and information security.

We are fully aligned with international frameworks and standards for governance and cybersecurity such as ISO 27001, COBIT 5 and the NIST Cybersecurity Framework.

Key Features of our data security protocol:

EthicsGlobal Ethical Reporting System implements logical security and social engineering mechanisms to guarantee the safe storage and exchange of information.

Information encrypted via SSL certificate.

2048-bit encryption.

Our systems are constantly checking for anti-malware / anti-virus updates 24/7.

Monthly penetration testing

DDoS protection

Our infrastructure provides DDoS mitigation techniques, including TCP SYN cookies and limiting the connection speed.

Protection against brute force attacks and unauthorized access

We have multiple ways to block user accounts when attempts to obtain unauthorized access are registered.

Datacenters with certifications in evaluation and compliance

The physical infrastructure on which EthicsGlobal Ethical Reporting System operates is hosted and managed in Amazon's secure datacenters. We use the technology of Amazon Web Services to create a secure, scalable and highly available environment within a Virtual Private Network (VPN) designed by AWS Certified Solutions Architects.

The Amazon datacenters have the following certifications:

ISO 27001

SOC 1 and SOC 2 / SSAE 16 / ISAE 3402 (Formerly SAS 70 Type II)

FISMA Moderate

Sarbanes-Oxley (SOX)

Disaster recovery plans

We have several disaster recovery plans that guarantee business continuity in case of eventualities of any kind, with short recovery times (RTO).

High availability

We use the elasticity of the cloud to create a high-availability environment designed for potential workload failures.

Software as a Service (SaaS)

Our Ethical Reporting System allows us to quickly manage the configuration of each client's user environment, as well as the multi-tenant architecture that isolates the information of each system in independent databases with unique encryption, providing maximum security and confidence in the security of information.

Secure access controls

Passwords are neither stored nor accessible to outsiders.

We have a centralized system of data access exchange, with a single general administrator controlling all staff access.

We use corporate policies for user management: expiration of passwords, password history, password complexity, etc.

International Standards

We provide full compliance with the highest standards of data protection, security and privacy regulations at a national and international level, e.g.: COBIT 5, NIST, ISO 27001, Sarbanes-Oxley Act [USA], False Claims Act [USA], Dodd-Frank Act [USA], Clauses for EU, FERPA, GLBA, HIPAA, HITECH, IRS 1075, ITAR, My Number Law [Japan], DPA United Kingdom – 1988, VPAT/Section 508, EU Data Protection Policies, Privacy Law [Australia], Privacy Law [New Zealand], PDPA – 2010 [Malaysia], PDPA – 2012 [Singapore], PIPEDA [Canada], Spanish Protection Law, among others.