We treat information security and data protection as vital components of doing business. Whether you are our long-standing client or just getting to know us, *instinctools follows security best practices, underpinned by our ISO/IEC 27001:2022 certification, to safeguard your personal data and any project-related assets received from you.
Instinctools follows the requirements of:
Instinctools’ working model is designed to be secure, trustworthy, and resilient. From a streamlined software development process to robust infrastructure and unwavering focus on data and intellectual property protection, we’re setting the gold standard in safety.
We hold hybrid infrastructure in our offices and third-party data centers in the USA and EU to process European and US customer personal data intra-EU and intra-US, respectively.
While crafting robust software solutions for more than two decades, we’ve ruminated over our company’s InfoSec model and excelled in corporate security by combining:
Along with ensuring the safety of the networking systems, cloud and data center resources, we also take care of the hardware and software assets, such as staff devices. Even when our dedicated team members work off-site, they have to follow the company’s BYOD policies and stay within our protected infrastructure.
Our software development lifecycle is built according to the NIST 800 and zero trust approach, which imply clearly stated requirements for the software development process:
By constantly following this proactive framework, our team creates a safe environment for developing your software products.

Secure communication is table stakes from the moment you send us your first message.

This goes alongside running regular internal audits of information systems, monitoring security events, and logging all actions on information assets. Not only do we operate software that aligns with GDPR and CCPA standards, but we also adhere to local privacy laws that go beyond the well-known regulations.
Instinctools’ rules, expectations, and overall information security strategy are well-articulated, documented, and updated in our ISP guidelines following ISO 27001.
When crafting our infrastructure, we relied not only on input from vetted solution architects but also on advice from vetted lawyers on the intricacies of working with clients’ intellectual property. With IPP policies in place, we can bet our reputation that your intellectual property is safe and sound within our infrastructure.
Instinctools conducts annual internal audits of IT systems, security documentation, and information assets in accordance with ISO 27001.
We have a comprehensive incident response plan (IRP) based on ISO 27001 InfoSec incident management to tackle any security issues. If a security incident occurs, we perform an emergency audit to instantly spot the problem and mitigate its negative impact on the company’s infrastructure, business processes, and clients’ personal information.
Furthermore, at *instinctools, comprehensive policies, procedures, guidelines, tech and operations best practices are supported by ongoing staff training. To minimize the probability of human error, we conduct security awareness training for new staff members. Moreover, each employee has to undergo annual security knowledge tests.
We provide a secure physical perimeter for your offshore development center upon request and offer:
Treating security as our top-of-mind business priority led to the development of our InfoSec framework. That’s how we see a robust security model.
Our internal infrastructure is designed as a secure closed network with strict access rules and is only available for authorized users.
Every single action within our internal infrastructure is logged and tracked. Our security team members can always check the who, when, and where of the changes.
Every member of our team who interacts with clients’ proprietary data is automatically responsible for the security of these assets within the overall information security strategy.
No one can access *instinctools’ infrastructure without passing through an identity check. Our employees can only log into the internal systems with the credentials from the reliable corporate systems.
To ensure the integrity and reliability of the information, we implement stringent measures against both intentional and inadvertent alterations to system and personal data. At *instinctools, confidential and personal information is stored in the cloud within a secure environment managed by our dedicated administrators. Only staff with high-level rights can modify security settings, and this is always under strict conditions of authorized access, with every action rigorously logged.
We prepare backup and data recovery plans for every system and all devices within our company’s network where personal data is processed. Furthermore, our team has an uninterruptible power supply (UPS) and high-availability internet connection with automatic failover at all relevant locations to continuously deliver robust software development services, even if the main system goes down.
Beyond the explicit details of the ISO 27001 and NIST 800 guidelines lies a gray area of nuanced concerns, such as responsibility for data security when data is transferred between our and your infrastructures. With *instinctools by your side, those subtleties are meticulously addressed.
We highlight all the shadow areas to avoid misunderstandings and shortcomings and capture clear agreements on shared responsibility for secure data transfer in the contract.
If your project requires data transfer from the EU zone to the US or vice versa, we provide a secure transfer shield, where we guarantee that your personal information won’t be leaked or stolen.