Accessing controls for customer data
Role-based access controls are enforced at each layer of infrastructure. Multi-factor authentication is required for access to Swiftaid infrastructure. All application and user access logs are stored centrally and monitored.
What information security standards do Streeva/Swiftaid follow/align to/certify with?
Our solution is currently outside the scope of PCI compliance requirements. We currently self-certify to Cyber Essentials. We are certified to the top international standard for Information Security (ISO 27001) and Business Continuity (ISO 22301).
Where are the PII data held (geolocation and data environment) and how they’re protected?
All data is held within the EU (Currently Ireland and England) within Microsoft Azure. Data is encrypted at rest and in transit. We use the principle of least privilege to determine access to data. Deployment is fully automated and we use Application Insights to monitor deployments.
Who has access to the platform(s) which hold the PII secured (if not covered above?)
Access to production data limited to just CEO and Head of Engineering with 2FA. We have access to data through the support dashboard that allows access to support staff. This is secured using https and also requires access to email (which also has enforced 2FA) for code to log in.
If you have specific questions or concerns regarding security please contact us at firstname.lastname@example.org