SECURITY
Learn more about how we maintain system security at contactSPACE
Our security philosophy
contactSPACE security protocols are based on the guidelines set out in ISO 27001 – the world’s leading information security standard.
Under the principles of ISO 27001, we use a holistic, multi-layered security strategy.
Our security controls account for all different areas where protection is required, pertaining to both our product and our people.
People
contactSPACE continually works to ensure that we have the right people on our team, and that we equip our team to maximise contactSPACE security.
New employees must pass a thorough vetting process and background check before joining contactSPACE.
During onboarding, new employees are taken through comprehensive security training. Over time, our team goes through continual infosec education to ensure that we stay on top of security trends.
Architecture
contactSPACE uses AWS – one of the world’s most secure commercial cloud solutions. You can learn more about AWS architecture and security here.
Inside AWS, each respective customer’s data is stored in their local geography to comply with relevant data sovereignty regulations.
DDoS protection is used on all web-facing entry points to prevent denial of service attacks.
contactSPACE also undergoes regular penetration tests by third party contractors to ensure application security.
Encryption
contactSPACE makes extensive use of encryption in order to protect sensitive data.
In transit, all data is encrypted using an SSL key. This includes data such as login credentials, list uploads, and voice data.
At rest, all data is encrypted as soon as it reaches storage. This includes data such as lists and call recordings.
Authentication
contactSPACE constantly evolves with authentication best practice in order to maximise application security.
Methods such as login throttling, cookie authentication checks, and replay prevention are used to stop brute force attacks and unwanted logins. Also, all login-related events are logged, and an application-level audit trail is maintained to provide visibility into logins and user activity.
On the backend, AWS IAM users and Roles are used to adhere to the principle of least privilege.
Want more info?
Download our free product guide to get up to speed.
