Security
Data Encryption
Colectidea encrypts data in transit using HTTPS and logically isolates customer data. In addition, the following components encrypt their data at rest:
- User Authentication
- Information Storage
- Information Storage (Images)
- Information Processing
- Sending notifications (push)
- Automatic performance and failure reporting
Compliance with Security Standards
Colectidea components comply with major security and privacy standards.
| Component Name | ISO 27001 | ISO 27017 | ISO 27018 | SOC 1 | SOC 2 | SOC 3 |
|---|---|---|---|---|---|---|
| User Authentication | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Information Storage | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Information Storage (Images) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Information Processing | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Visualization (website) | ✓ | ✓ | ✓ | ✓ | | |
| Sending notifications (push) | ✓ | ✓ | ✓ | ✓ | | |
| Sharing links | ✓ | ✓ | ✓ | ✓ | | |
| Sending notifications (internal) | ✓ | ✓ | ✓ | ✓ | | |
| Automatic performance reporting | ✓ | ✓ | ✓ | ✓ | | |
| Automatic failure reporting | ✓ | ✓ | ✓ | ✓ | | |
Internal Security Practices
To keep personal data secure, extensive security measures are employed:
- All employees are trained in information security.
- By default, access is restricted for all employees of our company; only certain predefined roles have access (e.g., customer service and technical support).
- Employee access to systems containing personal data is logged.
- Access to personal data is only allowed to employees who log in with an account with two-factor authentication.
End-User Security
Certain security-related activities are the responsibility of the end-user:
- Adding users
- Deleting users
- Assigning roles and permissions
We recommend adding complementary security practices for these activities.