iPost Data Security Documentation

Security

As a company, we take pride in our commitment to security, privacy and our customers. It is the personal responsibility of iPost employees to maintain the Integrity, Confidentiality and Availability of our systems, resources, products, infrastructure and platforms. iPost regularly commits itself to the continuous security of the data and information entrusted to us by our customers and their subscribers. Below is a summary of the policies and procedures we have in place to provide a safe and secure environment for you and your data.

Authentication and Access Control

  • All user passwords are hashed and are not retrievable by anyone, including the user.
  • Any user credentials used in the application are transmitted via SSL.
  • Internal passwords are stored in secure systems to prevent unauthorized access and usage.
  • Access keys and system passwords expire and are required to be rotated on a regular basis.
  • Access to iPost systems is given on a need-to-know basis and with the least privileges required.
  • Server-Side Encryption (SSE).
  • Enterprise scale identity management systems.

Data Security Loss Prevention

  • Our data centers provide
    • DDoS Protection.
    • Tracking and monitoring of asset usage.
    • Multifaceted disaster recovery plan including plans for pandemics.
    • Data center assurance programs
      • SOC 1/ISAE 3402, SOC 2, SOC 3
      • FISMA, DIACAP, and FedRAMP
      • PCI DSS Level 1
      • ISO 9001, ISO 27001, ISO 27017, ISO 27018
  • Regular backups and mirroring of data.
  • Secret or Sensitive information is encrypted at rest and in transit wherever possible.

Threat Detection and Monitoring

  • Dedicated security team that monitors and reviews all security threats.
  • Continuous monitoring and intrusion detection.
  • Software-based solutions for automated threat identification.
  • Vulnerability detection and testing.

Hardware and Software Security

  • iPost hardware is kept in secure locations to prevent theft and compromise.
  • Regular testing for vulnerabilities and security before deployment to the production environments.
  • Established system hardening process for iPost applications.
  • Patch management and patching cycles for all application software.

Internal Security and Protocol

  • Company-wide Social Engineering exploit prevention practices and training.
  • Anti-phishing training and review of malicious emails by the security team.
  • Regular review of security policies and practices.
  • Anti-Virus and Malware detection utilities installed and regularly updated.
  • Rigorous personal security background checks.
  • Key cards and locks to secure all hardware storage areas.
  • Biometric protection for highly sensitive and confidential locations.
  • Password management and standard enforcement.

Certification and Compliance

SOC II
iPost achieves SOC II Type I compliance and is completing SOC Type II certification from a third-party auditing firm.

Privacy Shield Program
iPost has publicly committed to the Privacy Shield Program and committed to comply with the Privacy Shield Principles as outlined by the United States Department of Commerce.

Further Compliance and Regulatory Guidelines

iPost follows the guidelines and regulations set forth in the following laws and regulations:

  • GDPR
  • CCPA
  • CAN-SPAM
  • CASL