When it comes to security and privacy, we believe in transparency. We work with some of the world’s most regulated companies, and have created a platform that meets their strictest privacy and security requirements.
Decibel has adopted information security principles that are compatible with our enterprise clients' requirements across industries including financial services, telecommunications and healthcare. Examples of security controls include:
Use of strong encryption, including 256-bit HTTPS connections, two-way 256-bit TLS and 256-bit AES encryption.
Enforcement of tight access control systems, limiting access to customer data even to Decibel employees.
Separation of customer account data and user permissions are baked in at every level in the software stack.
Our "secure by design" approach reduces the likelihood of accidentally introducing security issues in future releases.
For more information about our security posture, get in touch and we will send you a copy of our full Security & Privacy Whitepaper.
In addition to the security provided through the Decibel hosting environment and our operational policies, there are many additional protective capabilities built into the application itself, available to all our customers:
Auditing of authentication, data access and configuration changes
Single sign-on (SSO)
Two-factor authentication (2FA)
IP address access control
Data centres used for processing and storage of data are operated by our enterprise data facility partners and are compliant with ISO 27001 and SSAE 16 standards. Our partners provide support to the virtualization level only and have no logical access to our clients' data. Our data centres are compliant with SOC 1, SOC 2, SOC 3, ISO 9001, ISO 27001 and PCI DSS.
Decibel is ISO 27001 compliant. This demonstrates our commitment to information security at every level of the organization.
ISO 27001 is an overarching management process to ensure that information security controls are in place on an ongoing basis. ISO 27001 certifies that Decibel has completed a rigorous evaluation of information security risks and implemented suitable mitigating controls.
More information about ISO 27001 is available here.
Decibel Insight, Inc. complies with the EU-U.S. Privacy Shield Framework and the Swiss–U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. This ensures the same level of protection for any personal data as would be expected within the European Union.
More information about Decibel Privacy Shield Framework is available here.
Decibel complies with the General Data Protection Regulation regarding the processing of personal data of people in the European Union.
See our CTO’s article on GDPR.
Decibel is Cyber Essentials Plus certified. Cyber Essentials is a Government-backed, industry-supported scheme to help organisations protect themselves against threats.
More information about Cyber Essentials Plus is available here.
Decibel regularly commissions independent third-party security experts to undertake penetration tests of our application and infrastructure. We also have a significant list of compliance certifications for the Decibel platform. Each certification means that an independent auditor has verified that specific security controls are in place and operating as intended.