
Iseehear Life Sciences | Security



Iseehear Inc. is committed to providing Secure, Trusted and Reliable continuous service. To that end, the Iseehear Inc. Security Stack and Information Security Management Policies were established to protect our subscribers' Data, Intellectual Property and Privacy, and to address Iseehear's IT Security, Risk Management, Research Continuity and Support Services.

The Roles and Responsibilities of The Iseehear IT Security Team


The Iseehear IT Security Team (Iseehear Security) is responsible for the evaluation, development, implementation and monitoring of information technology infrastructure and computer assets, privacy and data security policies and programs for Iseehear Inc. Life Sciences. Iseehear Security manages various cloud security testing environments for conducting internal testing in order to probe for vulnerabilities in the company’s cloud infrastructure, platforms and applications.

Iseehear Security conducts security education sessions and annual penetration tests (conducted by a third party), monitors for threats and vulnerabilities, evaluates internal and external threats, assesses the security posture of Iseehear websites, and advises management with timely and appropriate security insights.

Learn more about Iseehear Security Cloud Infrastructure, Platforms and Applications Security Testing

Our Security Controls


Data Security Overview

At Iseehear Life Sciences | Security (ISHSec), the security of your data has always been a priority. We are committed to protecting and securing your data as you use each of our services.

Continue reading about DATA SECURITY OVERVIEW.

Protecting Your Data

The aim of security practices is to prevent any unauthorized access to customer data.

We are always looking at ways in which we can improve the security of our applications and continuously work to identify, monitor, and mitigate risks in our environment.

ISHSec is committed to constantly maintaining knowledge of the evolving application security landscape and implementing controls designed to ensure that security best practices are upheld across our organization.

Regular management security reviews are in place to address any areas that we believe should be improved upon and further secured. We implement security controls as described in this document and may modify them from time to time by pursuing new security certifications, evaluating our compliance posture, or using third-party testing.

Security Highlights

  • Least Privilege Access
  • Full Daily Backups
  • Data Encrypted in Transit and at Rest
  • Single Sign On (SSO)*
  • Vulnerability Scanning
  • Mitigating Common Attacks
  • Annual Penetration Testing

*Please contact [email protected]

Privacy Policy

Our Privacy Policy describes how your personal information is collected, used, and shared when you visit or register at ISEEHEAR.COM (the “Site”). At Iseehear Inc. Life Sciences (Iseehear) we are committed to protecting your privacy. Iseehear endeavours to ensure that the information that you submit to us remains private and that it is used only for the services we provide to you. We aim to provide a safe and secure experience for all of our users. Respecting and protecting your personal data privacy is important to us, so we updated our Privacy Policy and Terms of Use on May 25, 2018 to make our policies even more transparent and compliant with new privacy regulations being enacted in various countries and regions around the world (for example PIPEDA in Canada, GDPR in Europe, PIPA in South Korea, DPB in the United Kingdom, PDPA in Singapore, …). The majority of the regional data protection and privacy regulations (enacted, being revised or pending) have some common expectations and requirements regarding the transparency, control, securing and responsibility of personally identifiable information collected by companies providing digital or internet-centric services to their citizens. Continue reading about Privacy Policy.

Physical Security

We have engaged Google Cloud Platform (“GCP”) to provide cloud hosting for the Services. A summary of the controls in place at GCP facilities and environments is set out below (as described by GCP). Continue reading about Google Cloud Platform Security.

Data Center Facilities

GCP operates ISO27001, PCI DSS Level 1 & SOC 2 Type compliant data centers. Automated fire detection and suppression systems are installed in networking, mechanical, and infrastructure areas. All GCP data centers are constructed to N+1 redundancy standards.

Server Monitoring

GCP's global security operation centers conduct 24/7 monitoring of data center access activities, with electronic intrusion detection systems installed in the data layer.

Hard Perimeter

Each of GCP's data centers has a controlled perimeter layer with 24/7 on-site security teams, restricted and controlled physical access, multi-factor authentication, electronic intrusion detection systems and door alarming.

Network Security

Architecture

We employ GCP security groups and IAM controls to lock down communication between components, so that access to Services must be granted explicitly on an as-needed basis.

DDoS Mitigation, Content Delivery, and Internet Security Monitoring

ISHSec system audit logs are maintained and checked for anomalies, and we use GCP services to protect from distributed attacks.

Least Privilege Access

Access to hosting servers for the Services and live environments, as well as testing and sandbox environments, is provided on a least-privilege basis. A very limited number of personnel have access to live, testing and sandbox environments, which also require multiple levels of security access.

Security Incident Response

ISHSec continually monitors our cloud services and has response teams on call 24/7 to respond to security incidents. Our hosting provider, GCP, as well as ISHSec internal security, provides 24/7 monitoring and support.

Penetration Testing

ISHSec conducts a third-party penetration test annually or after any major changes to the platform.

Platform & Application Security

Development

Quality Assurance

We have teams of individuals who review and test all changes to our code base. For every update or release to the software, testing is performed by development, QA, project management and security teams with a multi-level approach.

Separate Environments

We maintain separate environments for testing, sandboxing and production. These environments are logically separated from the live production environment. No customer data is used in testing or development.

Vulnerability Scanning

In addition to application penetration testing, unit testing, human auditing, static analysis, and functional tests, we perform weekly third-party vulnerability scans of our test, sandbox and production environments.

Mitigating Common Attacks (XSS, CSRF, SQLi)

Our tools have been built to mitigate common attack vectors such as SQL injection attacks and cross-site scripting attacks (XSS). ISHSec cloud environments also take advantage of GCP’s enterprise-grade Web Application Firewall (WAF) in an attempt to automatically block or challenge suspicious requests.

Data Encryption

Data at Rest

All customer data is stored encrypted on GCP servers with the AES-256 encryption algorithm.

Data in Transit

Any data that is transmitted into and from the ISHSec Services is encrypted. Web traffic over HTTP is secured by GCP as well as Cloudflare with TLS 1.2 or 1.3 using proven-secure cipher suites.

Software

Single Sign On

Depending on how many licenses you have purchased, you may have access to an SSO option for the Services. Please contact us at [email protected] if you have any questions.

Availability & Security Incidents

Uptime

ISHSec uses GCP to host its Services, and maintains an uptime promise from GCP of at least 99% (subject to scheduled downtime, emergency maintenance, and issues outside our or GCP’s control).

Redundancy

ISHSec uses GCP with redundancy over multiple availability zones, with database backups offering 35 days’ worth of point-in-time recovery, if needed. Additional encrypted off-site backups are updated daily.

Responding to Security Incidents

ISHSec has established procedures and policies for responding to and communicating about security incidents. The level of the security incident will dictate how we communicate with and respond to our customers. If a security incident does occur which affects your personal information, we will inform you as required by applicable law. We annually reevaluate our response procedures and amend them as we deem necessary.

Disaster Recovery and Business Continuity Plan

A business continuity plan has been put in place in the event an emergency or critical incident impacting any facet of ISHSec business operations, including the Services, occurs. This was created with the intent that we can continue to function as a business for our customers in the event of major disruptions. The business continuity plan is tested and checked on an annual basis for applicability and any additional improvements that could be made.

Organizational Security

Personnel & Endpoints

Workstation Set-Up

Every employee workstation is set up and monitored to ensure that data is encrypted at rest, passwords are strong (managed by a secure password management vault), OS patches are up to date, and antivirus is active and up to date.

Confidentiality

We perform background checks on all new hires and on commencement of employment at ISHSec, and all personnel who have access to your personal information and Financial Information are required to execute nondisclosure agreements.

Security Training Program

All employees at ISHSec are required to participate in our security awareness training that focuses on helping each person understand the role they play in protecting data and preventing security breaches. Employees also are required to review the ISHSec security policies on a recurring annual basis.

Vendor Management

Sub-Service Organizations

In order for ISHSec to run efficiently, we rely on sub-service organizations to help us deliver our Services. When selecting a suitable vendor for a required Service, we take the appropriate steps designed to ensure that the security and integrity of our Services are maintained. Every sub-service organization is scrutinized, tested, and security checked prior to being implemented into ISHSec.

Vendor Compliance

ISHSec monitors the effectiveness of these vendors and they are reviewed annually to confirm security and safeguards are being upheld per the terms of our agreements with them.

Terms and Conditions

Terms and conditions for use of the Site, which you may access in several ways, including but not limited to the World Wide Web, Internet enabled television, Computer, Intranet, Cellular phone and wireless mobile device. These terms and conditions apply whenever you access the Site, on whatever device. In these terms and conditions, when we say Iseehear.com we mean this Site or any of its associated network websites, regardless of how you access it. By using the Site, you are deemed to have accepted these conditions. Continue reading about our Terms and Conditions.

Accessibility

Digital Accessibility refers to how well people with visual, hearing, motor and/or cognitive challenges can access our website content. Iseehear Inc. Life Sciences is committed to providing a website that is accessible to the widest possible audience. We want everyone who visits to feel welcome and find the experience useful. Continue reading about our Accessibility.


Use this site to stay informed on the health of Iseehear Inc. Life Sciences (ISHLS.Com) services, cloud applications, mobile applications and networks.

At Iseehear Inc. Life Sciences (ISHLS.Com) our goal is to be as open and transparent with our clients as possible. To that end, we have implemented numerous communication resources that allow us to communicate timely information regarding services, scheduled events, security, policies and emergency situations that may arise from time to time related to the services Iseehear Life Sciences provides.