Risk Management and Acceptable Use
Any InsideUp system or process that supports business functions is appropriately managed for information risk and undergoes information risk assessments, at a minimum annually, as part of our secure system development life cycle. We have also published an Acceptable Use Policy that governs the proper usage of company computing resources and explicitly defines what usage behaviors by employees are unacceptable.
Security Awareness Training
Training, including Security Awareness, is provided to all employees on a regular basis. We employ training and testing of employees, when they’ve completed their training, to make it more likely that they will pay attention to and retain information about our policies. We also give our employees reminders about our policies and provide them with updates on new or changing policies. We use monthly staff meetings and team meetings as opportunities to review policies with employees. Making information security a part of our culture ensures that our employees take our policies seriously and take steps to secure data.
Controlled System Access
Our platform allows us to easily manage the system access level of each employee. Every new user we create on our system is given the minimum access level as a default until a higher access level, based on defined job role, is specified in the Role Management System. Before credentials that establish a higher level of access are provided to a new employee, we check system accessibility to make sure every user only gets the access for which they were intended. InsideUp uses Spring Security for encoding (the algorithm we use applies an SHA-1 or greater hash combined with an 8-byte or greater randomly generated salt) user passwords.
The InsideUp production database has been replicated to a remote site to safeguard data in case of an Amazon Web Services (AWS) catastrophe affecting both our database server and the data backup server. We are also using AWS to perform vulnerability scans on all production systems.