iPort™/Creative Interface Inc. Security
We are extremely focused on data security and strive to ensure our customers’ data is protected from unwanted parties. The security is controlled on many levels.
Within iPort, there are possibilities to grant access rights to different user groups. Permissions for integrating external products or exposing data over the API (Application Programming Interface) can be set for each service and are managed by the site’s administrator. The software is tested routinely for different attack vectors.
iPort™/Creative Interface Inc. software is hosted around the globe in different data centres using a world leading CDN (Content Delivery Network). This both improves the speed of delivery and allows our clients to resolve government and other regulations they may need to uphold. The security and availability of each data centre is managed by proficient providers and is often verified by both iPort™/Creative Interface Inc. and external partners.
iPort™/Creative Interface Inc. understands the risks related to data security and works proactively to manage and resolve them. Below is a detailed overview of how iPort™/Creative Interface Inc. handles, stores and secures the data across all data centres.
Upgrades and Maintenance
iPort™/Creative Interface Inc. has regular maintenance windows for updates and back-up. Back-ups are continuous and do not impact on the user experience.
Logging and System Management
iPort™/Creative Interface Inc. logs end-user and administrator actions in Activity Logs. The general types of events that are logged are user-based activities (adding, modifying, exporting, deleting, logging in and out, importing, modifying statuses) in all modules of the platform.
Hosting Infrastructure, Back-Ups, and Disaster Recovery
The data centres are provided by iPort™/Creative Interface Inc.’s trusted partners, Amazon Web Services.
The documented plans for recovering iPort™/Creative Interface Inc.’s operations and network connectivity in the event of a local or regional disaster are storing back-ups in multiple locations. The data recovery plans are refreshed and updated annally.
iPort™/Creative Interface Inc. tests the process of restoring back-ups on a regular basis. We validate the files’ integrity and run regression tests.
Architecture and Supported Platforms
iPort™ can be used with any modern web browser. The system works on all desktop/laptop operating systems (Windows, Macintosh, etc.) and supports the main modern smartphone and tablet operating systems (iOS, Android, etc.), limited to a browser.
The mechanisms, policies, and procedures in use for safeguarding stored data are in compliance with ISO 9001 and ISO 27001 certifications the data centres possess (use of intrusion detection, antivirus, firewalls, vulnerability scanning, penetration testing, encryption, authentication and authorization protections and policies, including those involving passwords, removal of unnecessary network services, limiting of administrative access, code review, logging, employee training and other relevant safeguards).
iPort™ uses HTTPS encryption protocol for every transaction. All passwords are encrypted with an aes-256-cbc cypher.
The threat of information knowingly being misused by iPort™/Creative Interface Inc.’s workforce and contractors is addressed by issues of strong sanctions policy and practice, background checks, role-based access to information, oversight of data authorization by supervisor, terminating access to data for terminated employees and employees changing job functions, prohibition on sharing passwords, and other relevant safeguards.
For credit card-based and other e-commerce transactions executed through iPort™, the transaction security is being assured by iPort™’s trusted partner Square payments. iPort™/Creative Interface Inc. does not access or store any information regarding customer’s credit card.
iPort™/Creative Interface Inc. supports Secure Sockets Layer with 128-bit or stronger encryption for connecting to the application.
iPort™/Creative Interface Inc. hosting environments provide redundancy and load balancing for firewalls, intrusion prevention and other critical security elements.
iPort™/Creative Interface Inc. performs external penetration tests at least quarterly and internal network security audits at least annually. These audits are structured per the OWASP Application Security Verification Standard.
iPort™/Creative Interface Inc. provides protection for denial-of-service attacks against the hosted solution and utilizes geo-fencing to eliminate foreign intrusion attempts.