Security Statement

Last Updated: 04 January 2019

Security is of the utmost importance for PeopleInsight, and protecting our client's data is something that we take very seriously. We take the following measures to secure our PeopleInsight solution:

 

Physical Data Security

  • Two (2) secure data centers in Tier III level hosting facilities; both in Canada
  • All entrances to the data centers are locked at all times. Access is restricted and requires two-factor authentication. Entry is controlled by a proximity card system, biometric scanning, and PIN number pad.
  • Personnel are on duty at the data center 24x7x365.
  • Surveillance cameras record activities at the facility entrances and other areas within the facility.

Application Security

The PeopleInsight application employs extensive security measures to protect against the loss, misuse and unauthorized alteration of data.

  • Secure Socket Layer (SSL). This technology protects information using both server authentication and data encryption to help ensure that data is safe, secure and available only to you.
  • Password Protection
    • PeopleInsight requires unique user names and passwords that must be entered each time a user logs on.
    • PeopleInsight enforces strong password rules.
    • PeopleInsight leverages Salted passwords for increased protection.
  • Session Timeouts. PeopleInsight times out user sessions if the application is left inactive for 30 minutes.
  • Secure Mobile. When using our application on your iPAD, all data remains on our servers.

Data encryption / Cryptographic controls

  • We utilize enterprise grade security infrastructure to provide consolidated layered security to protect our servers and data including firewall, anti-malware, intrusion prevention, web-filtering, content filtering and anti-spam.
  • Our data network is protected by industry leading Intrusion Detection devices.
  • PeopleInsight data utilizes AES 256bit encryption during all data transmission to ensure your data is protected.
  • Complies with all Canadian Privacy and Security requirements ensuring that data remains within Canada 100% of the time.
  • PeopleInsight infrastructure is AT 101 SOC 2 Type 2 certified and complies with industry standard security and IT best practices.

Anti-virus security

To minimize the threat of viruses and Trojans, PeopleInsight constantly runs anti-virus software to scan all files and disks on our servers. All data is scanned prior to being loaded into the PeopleInsight system.

Network Perimeter Security

There are four types of perimeter security systems used as part of our production network:

  • Firewall — The firewall provides application aware firewall services with identity based access control, and DoS attack protection. The firewall appliance scans all incoming and outgoing traffic continuously and includes proactive monitoring with traffic reports, policy compliance, and suspicious activity alert.
  • Intrusion Detection and Prevention — A dedicated intrusion prevention system is utilized to monitor production environment and corporate environment for malicious activity.
  • Virtual Private Network — Utilizes VPN tunneling utilizing strong encryption technology to control remote communications to and from network. The VPNs provide secure, encrypted communication between the network and remote host or other remote networks over the public internet.
  • Network Address Translation (NAT) — Use NAT technique to provide hidden Internet addresses to internal systems. This mitigates possibility of external sources finding the addresses of critical resources to launch attacks. NAT services are enabled on the network firewalls. Internal production servers do not have routable IP addresses.

Data Backup

Backup, along with follow up restoration to an alternate data centre location is part of the solution.

  • Backup Strategy — Nightly backups are performed for all servers. These backups are stored in a geographically different data centre than our core servers.
  • Encrypted Backup — PeopleInsight utilizes AES 256bit encryption for all backed up data.
  • Backup — Backup jobs are monitored and notification alerts are sent in the event of backup failure. Access to backup media is restricted to authorized personnel only. Restores from backup media are performed as a component of normal business operations to verify that system components can be recovered from backup media.