• team02.jpg

    We know we always have to do better.

Data Security By Design

Inspera has systems and routines in place to mitigate security threats and preserve the confidentiality, integrity and availability of customer information in Inspera Assessment.

We anticipate risks and privacy-invasive events, and we have taken steps to prevent harm to personal data throughout the data lifecycle:

Measure

Description

Employee Information Security Policy

Inspera and its employees process personal data with utmost confidentiality. Regulations on confidentiality are set both in employment contracts and in Inspera Information Security Policy which all employees must adhere to.

Robust Key Management Service

Inspera has implemented AWS Key Management Service that uses key-envelope strategy to secure the keys, and key usage itself is guarded by roles and privileges.

Network security

Inspera Assessment is protected by AWS Shield Advanced. It provides additional detection and mitigation against large and sophisticated DDoS attacks, near real-time visibility into attacks, and integration with AWS WAF, a web application firewall. AWS Shield Advanced also gives Inspera 24x7 access to the AWS DDoS Response Team.

Threat detection

Inspera Assessment is protected by Amazon GuardDuty. GuardDuty continuously monitors and protects the Inspera Assessment AWS accounts and workloads. It analyses continuous streams of meta-data generated from our AWS account and network activity. It also uses integrated threat intelligence such as known malicious IP addresses, anomaly detection, and machine learning to identify threats more accurately. 

All of our major hosting vendors have up-to-date SSAE 16 certification. Inspera Assessment is hosted on Amazon Web Services (AWS), which provides extensive security controls and privacy features, which are documented at https://aws.amazon.com/security.