Security and privacy at iLost

ISO 27001 is recognized as the premier information security management system (ISMS) standard worldwide. ISO 27001 also leverages the comprehensive security controls detailed in ISO27002. The basis of this certification is the development and implementation of a security management program, including the development and implementation of an Information Security Management System (ISMS). This widely-recognized and widely-respected international security standard specifies that companies that attain certification also:

• Systematically evaluate information security risks, taking into account the impact of security threats and vulnerabilities.
• Design and implement a comprehensive suite of information security controls to address security risks.
• Implement an overarching audit and compliance management process to ensure that the controls meet our needs on an ongoing basis.

iLost has received the ISO 27001 certificate from BSI in June 2018. This certification is subject to ongoing external assessments, with a full reassessment occurring every three years.

To protect information that’s available on our website and iLost for Business app, we apply a number of security measures:

• Encryption of all web traffic using modern cryptographic methods (TLS 1.1 and later) and forward secrecy

• Strict Transport Security to prevent downgrade attacks, hijacking etc.

• All passwords are one-way encrypted in the database using bcrypt.

• Strict enforcement of role-based ACLs for all endpoints that provide access to sensitive information.

We maintain a secure coding standard and security best practices based on practical research and learnings as published by the OWASP Foundation, SANS institute and others.