Data Security Information Overview

Security Management

Security Management Overview

Trendspek is an ISO 27001 certified company, meaning our systems and processes have been audited and meet internationally recognised requirements for information security.
Trendspek is built on Amazon Web Services (AWS), which provides completely isolated environments in which we deploy Trendspek. Over one million companies and government organisations across the globe use AWS to protect their data, including NASA, Shell, GE and the CIA.

All services are contained within Trendspek’s virtual private cloud, with no direct public access possible. The only public entry point to Trendspek’s web app is an internet-facing load balancer.

Trendspek uses best-practice authentication and encryption in transit and at rest. We provide multi-factor authentication, which we recommend to keep vital assets secure.

All activity both internally and externally is logged and monitored. Any unusual activity will trigger alerts and result in a follow-up investigation. Sensitive data in the cloud is encrypted with an industry-standard key management system, with each activity monitored and logged.

Auditing Schedule and Penetration Testing

Trendspek undergoes constant external auditing and surveillance as part of its ISO 27001 certification. All policies, procedures and risk registers are formatted to ISO 27001 standards. Trendspek is also subject to external penetration testing.

Change Management

Because Trendspek is a web application, code changes are made and deployed continuously, tracked by an internal versioning system. The majority of updates are deployed at off-peak times. No action is required to update to the latest version beyond refreshing the browser.

Privacy

Trendspek complies with all local privacy laws, including the General Data Protection Regulation (GDPR), and is committed to keeping your personal data safe and secure. For more information, view our privacy policy.

Physical Security

Office Security

Data may transit Trendspek’s head office in Sydney, NSW, Australia, for the purpose of processing 3D models before being returned to the cloud.

Trendspek offices are secured with self-closing, self-locking doors with access managed via electronic tags. Access is recorded and entry logs are maintained. The offices are also secured with security access gates, and all areas are monitored by CCTV security cameras.

Staff Devices

All devices used by our staff members are required to be password protected, to lock automatically after short periods of inactivity, and to use full-disk encryption. Devices are monitored and can be remotely wiped in the event of a breach. Enabling MFA for online access is a mandatory policy for all staff.

Data Hosting (Server and storage)

Server and Network Security

Trendspek is wholly hosted on the Amazon Web Services (AWS) platform.
AWS provides state-of-the-art data centre security that complies with industry standards such as SOC, PCI DSS and ISO 27001. All responsibility for physical network and server security is delegated to AWS.

For more information regarding AWS’s physical security practices, check out their security whitepaper.

Data encryption

Data in transit is secured with SSL/TLS. The AWS RDS database and AWS S3 storage are both encrypted at rest using industry-standard encryption algorithms. All servers and other data stores have encrypted root volumes.

Data backups

In the unlikely event of customer data loss, procedures and safeguards are in place to ensure recovery. The majority of customer data is stored in Amazon S3, which is rated at 99.999999999% durability.

Database snapshots are taken every 24 hours and stored across multiple availability zones. Data (models, images) backup and integrity are managed by AWS S3. In the event of a disaster, AWS would manage the recovery and restoration of lost data.

Data Availability

AWS is well known for its stability and reliability. Nevertheless, outages can occur in exceptional circumstances. If an outage occurs, a technical member of staff will endeavour to resolve the issue as quickly as possible. Trendspek endeavours to maintain a 99% yearly uptime.

Data Accessibility

Trendspek’s cloud infrastructure is private and isolated, with restricted access to the internet. Data is served from the cloud region nearest the user. Trendspek’s data is segmented from other users’ data in the cloud.

End-User Security

Authentication

Trendspek uses multi-factor authentication and encryption of data-at-rest and in-transit. It is HIPAA eligible and PCI DSS, SOC, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and ISO 9001 compliant.

User Passwords

Password standards are set by Trendspek: passwords must be complex, meet a minimum character length, and satisfy the other requirements set out in NIST 800-63.

Passwords can be reset via the dashboard or the login page. Resetting through the login page requires access to the user’s email in order to obtain the authorisation code. Trendspek does not have access to users’ credentials.

Multi-factor authentication (MFA) may be used to provide additional security, with access codes sent to the user’s device.

User Permissions

Trendspek provides user-configurable access controls at an application level.
Users can be invited by any user with share permission. Admin users can only be invited by those users with existing admin privileges.

User Lockout

Sessions time out after a set period of time. Trendspek typically begins denying login attempts after a set number of rapid login attempts, or after rapid login attempts from varying locations. An account is disabled entirely if a brute-force attack is detected.
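The lockout behaviour described above (deny after a burst of rapid failures or failures from several locations, disable outright on a sustained brute-force pattern) can be expressed as a small state machine. The code below is an added illustration and is not Trendspek’s code; the thresholds, window length and lockout duration are constructed values chosen for the example, and the locations and timestamps in the usage are made up.

```python
"""Login-attempt throttling and lockout (added example, not Trendspek's implementation).

Constructed policy values; a real deployment would tune these and keep the state in a
shared store (database or cache) rather than in process memory.
"""
from collections import deque
from dataclasses import dataclass, field

MAX_ATTEMPTS = 5            # rapid failures tolerated inside WINDOW_SECONDS
WINDOW_SECONDS = 60         # "rapid" means within this sliding window
MAX_LOCATIONS = 3           # distinct source locations inside the window before denying
BRUTE_FORCE_ATTEMPTS = 20   # cumulative failures treated as a brute-force attack
LOCKOUT_SECONDS = 900       # temporary denial period after a rapid burst


@dataclass
class AccountState:
    failures: deque = field(default_factory=deque)  # (timestamp, location) of recent failures
    total_failures: int = 0                         # failures since the last successful login
    locked_until: float = 0.0                       # epoch seconds; 0 means not locked
    disabled: bool = False                          # set once a brute-force pattern is seen


class LoginGuard:
    def __init__(self):
        self._accounts = {}

    def _state(self, user):
        return self._accounts.setdefault(user, AccountState())

    def _prune(self, state, now):
        # Drop failures that have aged out of the sliding window.
        while state.failures and now - state.failures[0][0] > WINDOW_SECONDS:
            state.failures.popleft()

    def check(self, user, now):
        """Return 'allow', 'locked' or 'disabled' for a login attempt at time `now`."""
        state = self._state(user)
        if state.disabled:
            return "disabled"
        if now < state.locked_until:
            return "locked"
        return "allow"

    def record_failure(self, user, location, now):
        """Register a failed attempt and return the account's resulting status."""
        state = self._state(user)
        state.total_failures += 1
        state.failures.append((now, location))
        self._prune(state, now)
        if state.total_failures >= BRUTE_FORCE_ATTEMPTS:
            state.disabled = True          # sustained attack: disable the account entirely
            return "disabled"
        locations = {loc for _, loc in state.failures}
        if len(state.failures) >= MAX_ATTEMPTS or len(locations) >= MAX_LOCATIONS:
            state.locked_until = now + LOCKOUT_SECONDS   # rapid burst: temporary denial
            return "locked"
        return "allow"

    def record_success(self, user):
        """A successful login clears the rapid-attempt window and any temporary lock."""
        state = self._state(user)
        state.failures.clear()
        state.total_failures = 0
        state.locked_until = 0.0


if __name__ == "__main__":
    guard = LoginGuard()
    t0 = 1_700_000_000.0  # constructed timestamp
    for i in range(5):
        print("alice", guard.record_failure("alice", "AU", t0 + i))
    print("alice later", guard.check("alice", t0 + LOCKOUT_SECONDS + 10))
```

The two denial paths are deliberately different in severity: a burst of failures only imposes a timed lock, which the rightful owner can simply wait out, whereas a cumulative count beyond the brute-force threshold flips a flag that only a support or admin process should clear.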

Reporting

User Logs

Trendspek maintains administration and end-user logs to provide an audit trail and to enable quick investigation of potential threats or issues.

Every interaction between Trendspek infrastructure and an end user is logged at a granular level. Trendspek captures all traffic specific to the network – any traffic passing through the endpoints is captured, as is any admin CLI or web console activity.

Some information that may be logged includes IP addresses, request headers, request payloads, device information, status codes, response times, and failed login attempts. We never log confidential or sensitive data.
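Logging request metadata (IP, headers, payloads, status codes, response times, failed logins) while guaranteeing that credentials and other confidential values never reach the log requires redaction to happen before the record is written. The following is an added example of how such a record can be built; it is not Trendspek’s logging code, and the sensitive-key lists, the `/api/login` path and the sample request are constructed for illustration.

```python
"""Audit-log record construction with redaction of confidential fields.
Added example (not Trendspek's code); key lists and sample request are constructed."""
import json

# Headers and payload fields whose values must never be written to a log (constructed lists).
SENSITIVE_HEADERS = {"authorization", "cookie", "set-cookie", "x-api-key"}
SENSITIVE_FIELDS = {"password", "new_password", "token", "secret", "mfa_code"}
REDACTED = "[REDACTED]"
LOGIN_PATHS = {"/api/login"}   # constructed: paths whose 401s count as failed logins


def redact_payload(value):
    """Recursively replace the values of sensitive keys in a JSON-like structure."""
    if isinstance(value, dict):
        return {
            k: (REDACTED if k.lower() in SENSITIVE_FIELDS else redact_payload(v))
            for k, v in value.items()
        }
    if isinstance(value, list):
        return [redact_payload(v) for v in value]
    return value


def redact_headers(headers):
    """Keep header names for diagnostics but blank out credential-bearing values."""
    return {k: (REDACTED if k.lower() in SENSITIVE_HEADERS else v) for k, v in headers.items()}


def build_log_record(request, response):
    """Assemble the structured record an audit log would store for one request.

    `request` and `response` are plain dicts here (constructed shape); in a real service
    they would be the framework's request/response objects.
    """
    path = request["path"]
    status = response["status"]
    return {
        "client_ip": request["client_ip"],
        "method": request["method"],
        "path": path,
        "headers": redact_headers(request.get("headers", {})),
        "payload": redact_payload(request.get("payload")),
        "device": request.get("headers", {}).get("User-Agent"),
        "status": status,
        "response_ms": response["duration_ms"],
        "failed_login": path in LOGIN_PATHS and status == 401,
    }


def record_is_clean(record, secrets):
    """True if none of the given secret values appear anywhere in the serialised record."""
    serialised = json.dumps(record)
    return not any(s in serialised for s in secrets)


# Constructed sample request: a failed login carrying a password, an MFA code and a bearer token.
SAMPLE_REQUEST = {
    "client_ip": "203.0.113.7",
    "method": "POST",
    "path": "/api/login",
    "headers": {"Authorization": "Bearer example-token-value", "User-Agent": "ExampleBrowser/1.0"},
    "payload": {"email": "user@example.com", "password": "example-password", "mfa_code": "123456"},
}
SAMPLE_RESPONSE = {"status": 401, "duration_ms": 42}


if __name__ == "__main__":
    rec = build_log_record(SAMPLE_REQUEST, SAMPLE_RESPONSE)
    print(json.dumps(rec, indent=2))
```

Redacting by key name is the common approach, but it only works if the deny-lists are maintained as the API evolves; a test like `record_is_clean` run over real request fixtures in CI is the practical check that a new field carrying a secret has not slipped past the list.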

Trendspek’s logs are accessible by only a few key Trendspek staff. They are encrypted at rest and stored for 365 days.

Incident notification

Trendspek will notify relevant users of any suspicious activity or data breach involving Trendspek and/or user data, as set out in its Security policy and procedures manual.

Data Handling

Data Extraction

During the Term, the user will be entitled to undertake a data extraction of the user Content and Developed Content from the Company’s web-based software, in such form made available by Trendspek (e.g. PDF, spreadsheet or otherwise).

Data Backup

All user data is stored in the AWS S3 bucket location nearest the account owner. AWS does not publish its internal backup strategies; however, its durability guarantee implies that this data is backed up and can potentially be restored in the event of a catastrophic failure.

Data Removal

When a file is deleted from AWS S3, removal of the mapping from the file’s URI to the file begins immediately and is generally propagated across the distributed system within several seconds. Once the mapping is removed, there is no external access to the deleted object.

Data Disposal

Trendspek adheres to the AWS Data Privacy policies: https://aws.amazon.com/compliance/data-privacy-faq/