How we maintain cloud security for your sensitive EHS data.
This page contains information about various standards and regulations, our approach to privacy and security, and reporting deficiencies to us. If you are looking for more information, please click on Learn More to make a request to our team.
ISO 27001, also known as IEC 27001, is a compliance standard that specifies the requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS) within the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. StarTex Software, the company behind EHS Insight, is 100% compliant without exception with each specification for Information Security Management Systems.
In 2014, the American Institute of Certified Public Accountants (AICPA) Assurance Services Executive Committee (ASEC) released the revised version of the Trust Services Principles and Criteria (TSP). SOC (Service Organization Controls) is an audit framework for non-privacy principles that include security, availability, processing integrity, and confidentiality. Our hosting provider, AWS, has both SOC 2 and SOC 3 reports. The SOC 3 report is available for download without a nondisclosure agreement. The SOC 3 confirms compliance with the principles of security, availability, processing integrity and confidentiality.
On May 25, 2018, a new landmark data protection law called the General Data Protection Regulation (GDPR) came into effect. The GDPR unifies data protection rules across the EU and creates new obligations on the protection and handling of personal data, including security requirements and stronger rights for individuals with regard to their personal data. We are committed to complying with the GDPR and supporting our partners and customers in their efforts to comply with the GDPR. See more at this link.
Some people fear the cloud is risky, with hackers grabbing data day and night. To the uninformed, it seems obvious that keeping data safe requires it be kept in a self-controlled environment. To some that means on-site and away from the cloud. But is there any truth to this idea?
Not much, really. While it's theoretically possible to hack into the cloud, data stored in on-site servers is exposed to the same risks as data stored in the cloud. The simple truth is that the cloud has proven itself to be a reliable and secure choice for even the largest businesses, with more than half of enterprise companies noting that cloud infrastructure is a more secure data solution than legacy systems.
EHS Insight delivers market-leading EHS software capabilities in a secure, trustworthy manner. Here’s a document that shows how we do it, and here are some highlights:
Secure infrastructure – EHS Insight runs on Amazon Web Services (AWS). The AWS infrastructure puts strong safeguards in place to help protect your privacy. All data is stored in highly secure AWS data centers. AWS manages dozens of compliance programs in its infrastructure, all aimed at helping keep all customers’ data safe. All EHS Insight data is encrypted in transit and at rest. All data storage is located within the USA.
Secure development – EHS Insight is developed in-house, following strict policies and procedures to ensure the application is secure.
Monitoring – With 24x7 operational support and monitoring, EHS Insight data is protected under the watchful eye of security experts, who focus on always knowing exactly what important actions are occurring inside our system as they happen. Significant events are quickly posted to our status page (status.ehsinsight.com) to inform customers.
Multitenancy – The EHS Insight solution’s multitenant platform ensures users only access their own organization’s information. Using unique organization identifiers ensures your data is available only to those who are authorized to access it.
Authentication and encryption – EHS Insight security keeps up with changes occurring on the Internet. For instance, support for older HTTPS protocols and ciphers (TLS 1.0 and DES-CBC3-SHA) was dropped on April 30, 2017. Requiring TLS 1.2 for browser encryption helps us keep our customers’ data safe. As technology continues to advance, so do the threats facing digital security. The included EHS Insight native applications also utilize these technologies. To enhance data security, our customers can enable two-factor authentication (2FA). We handle all encryption so you don't have to worry about it, but you may feel at ease knowing we apply rigorous controls to ensure at least AES 256 is used for any Customer Data stored by us.
Network access control – EHS Insight leverages several security technologies and services to increase privacy and control network access. Although the cloud is an open environment, we recognize that one of the best ways to protect data is to keep it isolated. We host our customer data in an environment that is completely secure and uses advanced technology to prevent all unauthorized access. Multiple layers of security provide a significant roadblock to hackers.
Data privacy – Every organization must protect data. Some have different requirements than others. Many organizations must comply with the General Data Protection Regulation (GDPR), an EU regulation that expands the protection of personal data of EU citizens. GDPR also expands the obligations of organizations that collect or process that data. The goals of the GDPR are to increase transparency and fairness in the handling of individuals’ personal information. Personal data is any information relating to an identifiable individual. To learn more about the steps EHS Insight has taken to meet the data transparency goals of the GDPR, visit our page dedicated to the topic. This continues our practice of protecting your data and providing for the legal and secure handling of your organization’s critical business information. You may review our public security policy here.
In summary, cloud security at EHS Insight is the highest priority. As an EHS Insight customer, you will benefit from secure coding practices, operations policies, data center design, and network architecture all built to meet the requirements of the most security-sensitive organizations.
We take security very seriously. If you find a security vulnerability, we ask you to responsibly disclose the details to us.
Deliver a world-class solution in days or weeks instead of months or years. This is a game changer. Gone are the days with half your budget tied up in just getting the solution to work. EHS Insight enables you to change as little as you like, saving money for other investments.
The other guys make you pay for what should be out-of-the-box. Just getting the solution to run costs you a lot of money. EHS Insight can be up and running for little or no implementation fees. That changes your ability to control costs. Put your money to work as smartly as possible.
Our solution works on mobile with no extra work. Available on the most popular mobile application stores, you can install the app and be up and running in minutes. All you need is an account on EHS Insight and you are good to go.
Spend less than you think to get a comprehensive solution.
Be up and running in much less time thanks to standard templates.
Get the help you need during implementation and after.
"We chose EHS Insight as the tool for organizing our Incident Management processes due to its customizable nature. The forms and workflows were designed to have the look and feel of the processes we had already established."
"The key for me has been the transparency provided because it helps raise awareness and accountability. Our users report that the system is easy to use and that makes a huge difference."
"Best decision this company has ever made. Everything HSE related is at my fingertips 24/7. This software has allowed me to streamline my processes so that I can put effort into improving real life actions and not have to spend hours in front of a computer screen."