ISMS Copilot

At ISMS Copilot, we prioritize the security of your personal data within our application. This covers your account data, such as your email or name provided when signing up. Here are technical and organizational measures that ensure your account data is protected:

Encryption and Secure Communication

Data in Transit: We use SSL/TLS encryption to secure data as it travels between your device and our application, preventing unauthorized interception.

Data at Rest: Our application benefits from AWS's AES-256 encryption, safeguarding stored data from unauthorized access.

Access Controls

Two-Factor Authentication (2FA): All users are required to use 2FA, adding an extra layer of security to account access.

Admin Access: We apply the principle of least privilege, ensuring admins have only the necessary access to perform their duties.

User Empowerment

Account Management: You have the ability to delete your account independently, giving you control over your personal data.

This applies especially to the Policy Generator. You can go to the “settings” page and delete all the information you provided to generate the policies.

We’re happy to provide our policy generation service, but we don’t want your data.

Continuous Monitoring and Assessment

Security Monitoring

We continuously monitor our application for any security misconfigurations or vulnerabilities, with regular interventions to address any issues.

No “real” vulnerability is left: the only detected vulnerabilities are alerts about some pages being public (such as the signup page or terms and conditions), and in fact only the pages we wanted to be public are public.

Regular Assessments

We conduct ongoing security assessments to ensure our application remains secure against threats and data leaks. A tool enables us to verify that all database data is kept private. Since we design features with privacy in mind, no leak has been detected.
