Enterprise-grade security practices designed to protect your asset data
Inspectr is actively pursuing SOC 2 Type II and ISO 27001 certification. Our security practices are aligned with the principles of both frameworks today, and our policies are reviewed and updated annually.
We maintain formal Information Security, Incident Response, and Business Continuity & Disaster Recovery policies. Copies are available to prospective and current clients under NDA.
Our comprehensive security program covers every aspect of how we build, operate, and protect the platform.
All data is encrypted at rest (AES-256) and in transit (TLS 1.2 or higher). Production systems are hosted in SOC 2 Type II- and ISO 27001-certified cloud infrastructure with geo-redundant backups, continuous replication, and defined recovery objectives (RTO: 2-4 hours, RPO: <15 minutes for core platform services). Access is governed by least-privilege principles, with MFA mandatory on all critical systems.
Our deployment pipeline includes automated SAST/DAST scanning, dependency vulnerability monitoring, and adherence to OWASP Top 10 secure coding standards. All production changes follow formal change management processes. Independent third-party penetration testing is performed periodically, with all findings remediated.
Client data is never used to train shared models. Processing is limited to what is necessary under your agreement - no exceptions. We support data subject rights under GDPR and CCPA/CPRA, including access, rectification, erasure, and portability. International data transfers are governed by Standard Contractual Clauses where applicable. Data Processing Agreements are available on request.
All third-party providers undergo risk-based due diligence before engagement. Contracts include appropriate security, confidentiality, and data protection terms. Critical vendors are reviewed at least annually.
We maintain a documented Incident Response Plan with defined severity levels, response targets (S1 critical: acknowledge <15 min, investigate <30 min), and clear escalation paths. Breach notifications are issued in accordance with GDPR (72-hour window) and applicable contractual requirements. The plan is tested annually through tabletop exercises.
Our BCDR plan ensures service availability through automated backups, geo-separated storage, and tested restoration procedures. Backup integrity is validated quarterly for critical systems. The plan is reviewed and updated annually.