Information security and privacy is our top priority

 

ISO/IEC 27001

We have implemented our Information Security Management System (ISMS) in line with the ISO/IEC 27001 standard. The ISMS covers all InlineMarket systems, services, and personnel and includes a specified set of security policies and practices. They are shared with all employees and audited regularly to ensure continuous improvement. All of our employees complete regular Information Security and Awareness training.

 

GDPR

We follow and apply General Data Protection Regulation (GDPR) regulations. We conduct an annual GDPR compliance review to ensure that all relevant data privacy topics are considered, managed and that they stay under control.

 

Network security

Any network traffic in and out of our servers will always be transported over encrypted network SSL protocols. The application servers are hosted in a VNET and only the internet-facing application servers are exposed through a firewall and load balancers. The databases and application servers are protected by firewalls. The firewalls only allow access to dedicated ports and protocols required by the application architecture.

 

Privacy and visibility

We pay the utmost attention to your data privacy and visibility. Access privileges to the data are managed and checked on four levels: input data validation, database queries, business logic and upon data serialization. In addition to that, role-based authorization privileges are checked upon every request to our application servers.

 

Automated audit logs

All requests to our application servers and databases are logged and encrypted for auditing purposes.

 

Internal data access

We don’t make any changes to customer databases. Instead, we download the data and use our own copies. We may be granted temporary access to your data by authorized employees only under special circumstances and only ever to meet your special requirements or business needs.

 

Encryption

All communications involving the InlineInsight web service or between the InlineInsight web service and external services (such as third-party services or public APIs) take place via HTTPS protocol.

 

Backups and monitoring

Customer data is backed up automatically to protect it from corruption or deletion.

On an application level, we produce audit logs for product usage and monitor system resources and application performance using Azure monitor (in the EU). We use monitoring to continuously improve InlineInsight’s performance.