Security. Compliance. Protection.
You trust us with your data, and we take that responsibility seriously.
Better together 🤝
Upzelo works with a network of trusted partners to ensure the privacy of your customer's data is safe in our hands.
We have an Information Security Program in place that is communicated throughout the organisation. Our principles follow the criteria set forth by GDPR, CCPA and the SOC 2 Framework.
Audits and penetration testing
Our organisation undergoes independent third-party assessments to test our security and compliance controls at least annually to ensure that the security posture of our services is uncompromised.
Roles and responsibilities
Roles and responsibilities related to our Information Security Program and the protection of our customer’s data are well-defined and documented. Our team members are required to review and accept all of the security policies.
Security awareness training
Our team members must go through employee security awareness training covering standard industry practices and information security topics such as phishing and password management.
All team members are required to sign and adhere to an industry-standard confidentiality agreement prior to their first day of work.
Cloud infrastructure & data hosting
All of our services are hosted with Amazon Web Services (AWS) in the US-East-1 region.
Encryption at rest and in transit
All databases are encrypted at rest and in transit with TLS/SSL only.
Vulnerability scanning, logging and monitoring
We perform vulnerability scanning and actively monitor and log for threats concerning customer data.
Business continuity and disaster recovery
We use our data hosting provider’s backup services to reduce any risk of data loss in the event of a hardware failure and utilise monitoring services to alert the team of any failures affecting users.
Incident response plan ready
We have a process for handling information security events, including escalation procedures, rapid mitigation and communication.
Permissions and authentication
Access to cloud infrastructure and other sensitive tools is limited to authorised employees who require it for their role via SSO or 2FA.
Quarterly access reviews
We perform quarterly access reviews of all team members with access to sensitive systems.
Least privilege access control
We follow the principle of least privilege concerning identity and access management.
Password managers and requirements
All company-issued devices utilise a password manager for team members to manage passwords and maintain minimum password complexity for access.
Annual risk assessments
We undergo at least annual risk assessments to identify potential threats, including considerations for fraud.
Vendor risk management
Vendor risk is determined, and the appropriate vendor reviews are performed before authorising a new vendor.
Looking for something?
If you have any questions, comments or concerns then please contact security team.