At Inspectorio, data and cybersecurity have the utmost priority.
We have a dedicated security team to develop and maintain industry-recognized security initiatives.
We have an ISMS in place to always keep an eye on all of our assets.
We meet the most extensive compliance standards.
Our platform and infrastructure undergo routine independent pen-tests and are covered by a public Vulnerability Disclosure Program.
Technical, administrative, physical and organizational measures
Information Security Management System
Inspectorio has deployed an ISMS to manage security professionally. Inspectorio’s ISMS has been audited by an independent, external auditor to achieve ISO/IEC 27001:2013 certification. ISO/IEC 27001:2013 is an international standard that specifies the requirements for establishing, implementing, maintaining and continually improving an ISMS.
The ISO standard demands the utilization of best practices for the assessment and treatment of information security risks. Having already attained ISO/IEC 27001:2013 certification, we continue to undergo routine external audits to ensure our security standards remain on par with our ISO certification.
Inspectorio hosts its Services with leading Cloud Providers in the Tokyo region. Inspectorio relies on contractual agreements, privacy policies and vendor compliance programs in order to protect data processed or stored by said providers. The physical and environmental security controls are audited for SOC 2 Type II and ISO 27001 compliance, among other certifications.
Confidentiality, Integrity and Availability
Personal Data remains confidential throughout processing and remains intact, complete, and current during processing activities. Personal Data is protected from accidental destruction or loss, and there is timely access, restoration or availability to Personal Data in the event of an incident.
Inspectorio maintains an up-to-date incident response plan that includes responsibilities, how information security events are assessed and classified as incidents, response plans, and procedures. Inspectorio logs administrator and user activities at the production data center to provide evidence in the event of an incident.
Certifications and Accreditations
Inspectorio has achieved ISO 27001:2013 certification covering all of its assets, including infrastructure, data centers, services to its customers and team members.
- Published by the International Organization for Standardization (ISO), the ISO 27001 standard is used worldwide by governments and organizations to indicate that data security is properly implemented throughout an entity.
- The ISO 27001 standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS).
- For companies that use cloud-based software, one way to ensure that data is as safe as possible is to only use software-as-a-service (SaaS) from a provider who is certified according to an Information Security standard.
- Inspectorio is the only AI-powered digital platform for quality and compliance monitoring that has met the rigorous requirements set out by the ISO.
Operations and Access Control
Inspectorio data processing systems are used only by approved, authenticated users.
- Access to Inspectorio internal systems is granted only to Inspectorio Personnel and/or to permitted employees of Inspectorio’s subcontractors, and access is strictly limited as required for those persons to fulfill their function.
- Inspectorio has established a password policy that prohibits the sharing of passwords and requires default passwords to be altered. All passwords must fulfill defined minimum requirements and are stored in encrypted form. Each computer is password protected.
- A second factor of authentication is required for access to online systems containing Inspectorio source code or infrastructure assets.
- Inspectorio has a thorough procedure to deactivate users and their access when a user leaves the company or a function.
- For Customer access to the system, Inspectorio implemented a uniform password policy for its customer products. End users who interact with the products via the user interface must authenticate before accessing customer data.
- Application Programming Interface (API) access: Private product APIs may be accessed using an API token.
Persons entitled to use data processing systems gain access only to the Personal Data that they are authorized to access.
- Personnel training covers access rights to and general guidelines on definition and use of Personal Data.
- Where appropriate and practical, Inspectorio employs data minimization and pseudonymization to reduce the likelihood of inappropriate access to Personal Data.
- The production environment for the SaaS Service is separate from the development and testing environment, and development Personnel do not have access to the production environment.
- Inspectorio uses up-to-date anti-malware software on all appropriate computers.