How we keep your data safe

Our Pillars

EthicsAnswer, powered by EthicsGrade, is committed to maintaining a secure information technology environment to protect the confidentiality, integrity, and availability of its information assets. This document outlines the guidelines, procedures, and responsibilities for ensuring the security of our IT infrastructure. We adhere to four key pillars:

1. Authentication & Authorisation
2. Database & Software Management
3. Content Security
4. Data Storage
5. Policy Adherence and Awareness

 

1. Authentication & Authorisation

  • Token-Based Authentication: robust token-based authentication mechanisms
  • Strong Password Policy: enforcing the use of strong passwords
  • API Security: ensuring both internal and external APIs are protected by authentication
  • Network Security: firewalls and intrusion detection/prevention systems are implemented to protect against unauthorised access

2. Infrastructure Management

  • Daily Backups: to ensure data integrity and availability
  • Weekly Software Updates: coupled with rigorous testing and daily monitoring for system health and performance
  • Malware Protection: Anti-malware software is deployed on all systems

3. Security Control Monitoring

  • Confidentiality Assurance: all information is confidential; no non-public documents are shared with any third parties, and information is accessible only by the customer it relates to
  • Security Logs: monitored daily
  • Incident Management: immediate activation of our established incident response procedures, followed by thorough post-incident review and documentation for transparency and accountability to stakeholders
  • Proactive Security Policy: monitoring publicly reported security issues and assessing their relevance to our service to stay ahead of potential threats and vulnerabilities

4. Data Storage

  • Anonymised, Aggregated Storage: data is stored on our servers in anonymised, aggregated formats specifically for training EthicsAnswer using machine learning techniques
  • Encryption Standards: data is encrypted at rest
  • Transport Layer Security: data is safeguarded during transmission
  • Perfect Forward Secrecy (PFS): enabled for enhanced security and confidentiality of data transmission

5. Policy Adherence and Awareness

  • Security Awareness Training: employees undergo regular security awareness training to stay informed about security threats and best practices
  • Compliance: EthicsAnswer is in compliance with relevant laws, regulations, and industry standards