Data Security Policy
Our primary security focus is safeguarding the data that our customers and users trust WISEflow with.
We’ve developed our security framework using best practices in the SaaS industry. Our key objectives include:
Customer Trust and Protection – consistently delivering superior products and services to our customers while protecting the privacy and confidentiality of their information.
Availability and Continuity of Service – ensuring ongoing availability of the service and data to all authorised individuals and proactively minimising the security risks threatening service continuity.
Information and Service Integrity – ensuring that customer information is never corrupted or altered inappropriately.
Compliance with Standards – implementing processes and controls to align with current international regulatory and industry best practice guidance. We have designed our security program around best-of-breed guidelines for cloud security. In particular, we leverage standards with the framework of ISO 27001/2, as well as the EU Privacy Regulation (EU 2016/679).
Overview
WISEflow is hosted and delivered by Amazon Web Services in the EU. As such, the security and compliance of WISEflow is a responsibility shared by AWS and UNIwise. Further info on the shared responsibility model can be found here.
Certifications
UNIwise has been certified for ISAE 3402, which proves that an independent service auditor has approved and issued an assurance report on the description of controls, their design and their implementation regarding the exams and assessment platform services from WISEflow.
We have also achieved the D-seal certification for IT security and data ethics. The D-seal is an internationally renowned Danish labelling program which promotes the responsible use of data. Through achieving D-seal certification, UNIwise can now more comprehensibly secure digital trust, as its strict criteria recognise robust and responsible approaches to data protection, ensuring accountability to our partners and users alike.
Our hosting provider Amazon Web Services is responsible for protecting the infrastructure that runs all of our cloud services provided by AWS Cloud. AWS has been certified by third-party organisations and manages many compliance programs to comply with laws and regulations. A list of these certifications and compliance statements can be found here.
AWS has a public SOC 3 report on Security, Availability & Confidentiality (PDF), as well as an ISO 27001 certification (PDF).
We have also joined the GDPR-library EU from Ilona IT Oy. This allows user organisations to be better informed when they consider purchasing and using software and cloud services. This all helps institutions to gain access to reliable and up-to-date information, which supports procurement decisions and the investigations and evaluations that precede it.
Encrypted communication
All data transfers use secure protocols and encryption at rest.
All communication, as well as data in transit, is routed through the TLS protocol, which uses SSL/TLS certificates with an A+ overall rating from GlobalSign.
Service Resilience
WISEflow’s architecture is based on a multi redundant setup without "single-point-of-failure" bottlenecks. App and database servers are located in different data centres. The database layer is built as a cluster with at least three nodes, in three different data centres, where there is write and read access to all nodes in the cluster, ensuring that the asset data is always stored in at least three physically separate EU locations. In addition, incremental backup is automatically made on an hourly basis and full back-up on a daily basis.
Privacy
UNIwise understands the importance of and is committed to ensuring the privacy of all users’ personally identifiable information. For more information, please see our Privacy Policy.
