Data Security
Our Security Framework
It is critical for our customers to have peace of mind about the security of our product. The core of the Auto Insights business involves dealing with sensitive client data. From day one, we built our product and designed our business processes and Software Development Lifecycle with security and risk in mind.
Internal Policies and Procedures
With respect to our internal protocols, we have roles and responsibilities defined for information security, segregated across roles and individuals to avoid conflicts of interest and prevent inappropriate activities. We have human resource policies and background checks for sensitive roles. We conduct security training for all new employees, and a formal disciplinary process is in place to handle information security incidents allegedly caused by staff.
Data Security
We employ mobile devices and teleworking policies and controls for mobile devices (such as laptops, tablet PCs, smartphones, and removable media). We have strict access controls to manage the allocation of access rights to users from initial user registration to removal of access rights when no longer required. Information access is restricted in accordance with the access control policy and to the minimum necessary privileges. All client data is encrypted both at rest and in transit. We can support customers' data sovereignty requirements through the storage, processing, and transit of their data in the specified region. Regions in which Auto Insights is hosted are listed on Auto Insights Cloud.
Our physical and environmental security is strictly followed for our development environment. For our customer data, we employ Google Cloud Platform which is accredited, reputable, and industry-renowned for its approach to data security.
We have implemented policies around operations security such as IT operating responsibilities and procedures, Backups, Logging & monitoring, Technical vulnerability management, and Information systems audit considerations.
Risk Management
We are constantly reviewing our business continuity management at the board level, and the Information security continuity and redundancies in all the levels below.
Compliance
We identify and document our obligations to external authorities and other third parties about information security, including intellectual property, business records, privacy/personally identifiable information, and cryptography. We also conduct external and independent security reviews to enhance our security and ensure that the highest security standards are utilized and met for our customers.