We are thrilled to let you know that Uptrends is now certified ISO 27001 compliant. The ISO (International Organization Standardization) sets security requirements that a company must meet before an accredited auditor can grant the certification. If you’re familiar with the certification process, you know that it takes a considerable amount of time and work; however, the benefits that it brings for our company and our clients are worth the effort. Let’s take a look.
What is ISO 27001?
ISO 27001 is a set of more than 12 standardized security requirements to establish and maintain a quality information security management system (ISMS). The information protected by the standard includes sensitive organization and personal data. So, the ISMS helps us protect your data and ours.
The standard establishes systematic approaches to data protection by making sure that we have management systems in place to protect the information. The plan includes how we handle security now and in the future. Because technology and the Internet change constantly, our ISMS guides our approach to security as the technology and the related security threats evolve.
Staff security training is a must
Part of our ISMS, and a requirement of ISO 27001, is our plan and process for the security training of our employees, contractors, and relevant third-party users. We start the training at the beginning of the employee/company relationship and maintain the training throughout the employee’s time at Uptrends. Every member of our team knows what security concerns to watch out for and how to maintain a security-focused environment. Confidentiality agreements protect your information and Uptrends’ during and after a team member’s tenure with Uptrends.
Processes that allow for a fast response to security concerns
Our entire team is always watching out for security problems in our systems and code. When a security concern arises, Uptrends acts immediately to mitigate the threat. Uptrends can quickly respond to threats because we use an agile development process that allows for the rapid release of code. Rather than the slower arduous waterfall development process where it can take months before a code change is ready for release, the agile process completes in days or weeks. The agile process has the flexibility to respond quickly to security threats.
Encryption technology used
Uptrends encrypts all communications between systems using TLS 1.2 (Transport Layer Security) or higher. To enforce TLS connectivity, Uptrends uses HSTS (HTTP Strict Transport Security). HSTS only allows connections secured with TLS to protect against protocol downgrade attacks and cookie hijacking.
What personal data does Uptrends store about me?
As an Uptrends user, we collect very little information about you. We store your name, email address, and, if you use it for alerting, your mobile number. On a company level, we store the company name, billing address, payment information, and primary contact information. We only store the most basic of information about companies and users. Uptrends is General Data Protection Regulation (GDPR) compliant and maintains a strict privacy policy.
Helping you protect your data
We are doing everything we can to protect your data, and we put tools in place to help you protect your account access and sensitive data.
Single Sign-on support
Protecting your data is a two-way street, so protecting and controlling access to your Uptrends account is important. Besides following basic password protection procedures, you can control Uptrends access through your Single Sign-on (SSO) system. SSO gives you the power to control access from a single console. Plus, SSO makes it easy for your users to manage their passwords since they only need one password to access the applications and systems they use. Having only one password to remember removes the user’s temptation to record passwords on sticky notes, in notebooks, or unsecured text documents on their computer.
Uptrends Vault
When your monitoring requires sensitive information such as login credentials or security certificates, you need to have a safe place to store them. The Uptrends Vault allows you to store the information securely, and you control who can access the Vault’s various sections. When you use the Vault protected values in your monitors, you reference the Vault item, and Uptrends masks the values in both your settings and your report details.
What about your monitoring data?
Uptrends keeps your monitoring result data secure within the confines of Uptrends data centers. Uptrends never shares your data with anyone other than you and those authorized by you. Depending on your plan, Uptrends stores your data for up to two years. You can download your data for your own storage any time before it expires in our system and we delete it permanently. Learn more about data retention.
A note about your RUM data
With Real User Monitoring (RUM), we gather information about your individual users: location, browser and version, operating system and version, device type and model. Uptrends aggregates the data in your reports, and you cannot identify any single user within your report. Uptrends never stores identifying information such as the IP address for your users. You can further restrict the data collected in RUM for complying with privacy policies within your monitor settings.
Know we’ve got your back
You work to keep your systems and data safe, and you want to know that the brands you partner with take security as seriously as you do. At Uptrends, we go that extra mile to help you contain your personal and monitoring data away from unauthorized access. Our new ISO 27001 certification is evidence of our commitment to maintaining a secure product for you and Uptrends alike. If you have any questions, please contact your monitoring consultant or Support.