Security and privacy at iLostMore than 100,000 customers and 200 organizations trust iLost with their data - we take this trust very seriously. The security, integrity and confidentiality of their data are our top priorities.
ISO 27001 Certification
ISO 27001 is recognized as the premier information security management system (ISMS) standard worldwide. ISO 27001 also leverages the comprehensive security controls detailed in ISO27002. The basis of this certification is the development and implementation of a security management program, including the development and implementation of an Information Security Management System (ISMS). This widely-recognized and widely-respected international security standard specifies that companies that attain certification also:
- Systematically evaluate information security risks, taking into account the impact of security threats and vulnerabilities.
- Design and implement a comprehensive suite of information security controls to address security risks.
- Implement an overarching audit and compliance management process to ensure that the controls meet our needs on an ongoing basis.
iLost has received the ISO 27001 certificate from BSI in June 2018. This certification is subject to ongoing external assessments, with a full reassessment occurring every three years.
Amazon Web Services
iLost runs on Amazon Web Services (AWS), the largest and most secure infrastructure provider on the planet. We ensure our scalability, high availability and security by implementing the following:
- Replication of servers across multiple availability zones.
- Regular backups of our database and other key systems.
- Restricting and monitoring access to servers of the platform.
To protect information that’s available on our website and iLost for Business app, we apply a number of security measures:
Encryption of all web traffic using modern cryptographic methods (TLS 1.1 and later) and forward secrecy
Strict Transport Security to prevent downgrade attacks, hijacking etc.
All passwords are one-way encrypted in the database using bcrypt.
- Strict enforcement of role-based ACLs for all endpoints that provide access to sensitive information.
We maintain a secure coding standard and security best practices based on practical research and learnings as published by the OWASP Foundation, SANS institute and others.