Security

Data Security

Safe Surfing

There are a lot of moving pieces to securing an online experience today, and we're always striving to do better!

Keeping Your PII Safe

When constructing and maintaining the ISLF community portal, security was forefront in our mind.  If you are here, you're probably already familiar with many of the managerial and technical ways to help secure an organization's online presence. The controls we have implemented are many, and while we don't have enough room to reference them all here, the key areas are highlighted below.

Key areas

  • Secure Hosting Environment - the ISLF community portal is hosted on top of AWS' ISO 27001 certified platform.
  • Secure Hosts - the Virtual Private Servers (VPS) our community portal resides upon are scanned for vulnerabilities and security hardened in accordance with recognized industry benchmarks, before additional custom configurations are applied.
  • Secure Access - All VPSs are contained within secure Virtual Private Clouds (VPC) protected by network-based firewalls. Additionally, all unnecessary ports are disabled.
  • Secure Administrative Access - All administrators access our systems are required to use Two Factor Authentication (2FA) and when accessing the operating system of a server, an SSH connection is required.
  • Vulnerability Monitoring - we regularly monitoring for new vulnerabilities that could affect our systems and periodically run automated vulnerability scans on our VPSs.
  • User Session Protection - we use industry standard SSL / TLS session security to ensure your connection and all the information that traverses between your system and our web environment.
  • Physical Security - Access to our data center and offices are secure. 
  • Malware Protection - our Community Portal  is protected by anti-malware to aid in the detection and eradication of malware, should it find its way on the system.
  • Disposal of Sensitive Data - all printed information that contains PII is cross shredded. 
  • Personnel Security - Employees and contractors are required to sign our confidentiality and non-disclosure agreement as well as participate in employee security training, before accessing our systems and data. We also do criminal and other background checks to verify the identify and trustworthiness of those we hire.
  • Third Party Vendors - The ISLF uses only a limited number of third party vendors, who are subject to a 3rd Party Risk Assessment Process. These vendors are also required to sign our confidentiality and non-disclosure agreement, and ensure their security is consistent or better than the controls used inside the ISLF.