Security overview

The security, integrity, and availability of your data are our top priorities. We know how vital it is to your Compliance success. To ensure you never have to worry, we use a multi-layered approach to protect your information. 


 

Security is our first priority

 
 
IntegraCall® Overview
 

Hosted on a strong security platform

IntegraCall® applications and infrastructure are set up on the Amazon Web Services cloud service platform.

Access to cases on a need-to-know basis

Granting access to the IntegraCall® case manager does not mean you can read all the reported cases. Each case owner's access to information can be controlled on a need-to-know basis.

 

Secure infrastructure


PHYSICAL SECURITY

Physical access is strictly controlled at the perimeter and at building ingress points by professional security staff utilising video surveillance, intrusion detection systems and other electronic means. Authorised staff must pass two-factor authentication a minimum of two times to access data centre floors.

HOSTING SECURITY

IntegraCall servers are hosted in secure SSAE/AICPA SOC 2, PCI DSS, ISO 27001, ISO 27017 and ISO 27018 compliant data centers via Amazon Web Services (AWS).

ENCRYPTION AT REST AND IN TRANSIT

Data in transit to a client product site is sent via HTTPS, using an SSL certificate from GoDaddy, managed by The Red Flag Group. Data at rest is stored encrypted with AES-256, one of the strongest block ciphers available, handled through Amazon’s Key Management Service.

THIRD PARTY SERVICES

Google Translate™, Google Maps™ and IBM Watson™ are hosted on a multi-layer secure cloud. Please find Google Cloud Security information here, and IBM Cloud security information here.

Application security


SECURE BY DESIGN

IntegraCall® is designed and developed starting with the security fundamentals.

  • To ensure anonymity in order to protect whistleblowers.

  • To empower case owners and investigators to have a secure and private chat with the reporter.

PENETRATION TEST & VULNERABILITIES SCAN

IntegraCall® employs third-party penetration tests and vulnerability scanning prior to new version releases into the product environment.

BACKUP & DATA RETENTION

File and database backups are encrypted, with a daily full backup and a 30-day retention period. All backup files use AWS S3 for storage. No backups are stored on the actual server.

There is no default retention on active client data. Client data is retained for as long as you remain a client.

DISASTER RECOVERY

The disaster recovery plan is updated at least annually and tested on an annual basis. 

 

Privacy


PRIVACY AUDIT & COMPLIANCE

The Red Flag Group® takes information security and privacy of personal data very seriously. We are committed to GDPR compliance, and to offering our clients tools and solutions to ensure that their use of our services satisfies their obligations under the GDPR.

The Red Flag Group® also participates in the TRUSTe® Privacy Program which is designed to help businesses implement strong privacy management practices consistent with a wide range of global regulations and industry standards.