We’re committed to your security and keep it at the heart of our products, infrastructure and policies to protect your accounts and data.
WiseAlpha uses the most sophisticated technologies and best practices available to ensure that our technology stack, accounts and data, as well as networks and physical access across our organisation have the highest security and privacy.
WiseAlpha sets policies and controls, oversees adherence to these controls, and demonstrates our security and compliance to external auditors.
Our policies are based on the following principles:
WiseAlpha maintains a SOC 2 Type II attestation and an ISO 27001 compliance certification.
WiseAlpha leverages the built-in security services of AWS (ISO-27001 compliant) and adds additional protections. We use dedicated, redundant firewall and intrusion detection systems, separated and managed environment instances, proactive 24/7 system monitoring and regular Internet security and vulnerability testing including:
WiseAlpha also uses multi-factor authentication, role-based account access, as well as HTTPS (TLS 1.2>) for communications.
With industry-standard data protection, all data in transit and rest that interconnects with our datacenters is automatically encrypted, including encryption using 256-bit Advanced Encryption Standard (AES). Firewalls, Data Loss Prevention (DLP) and close log and activity monitoring are added protection. Your data is only accessed by those who use it. Encryption keys are managed via AWS Key Management System (KMS. Application secrets are encrypted and stored securely via AWS Secrets Manager and Parameter Store, and access to these values is strictly limited.
WiseAlpha ensures that our technology stack, accounts and data, as well as networks and physical access across our organisation, have the highest security and privacy. Data access is limited by role, least privilege and need to access according to data protection regulations and contract agreements. We use background checks, staff training, policies and independent, comprehensive compliance audits to verify security.
Security at WiseAlpha is everybody's responsibility. We utilise a dedicated security and compliance team and tooling that provides ongoing guidance and continually advances security. WiseAlpha uses security awareness, training and regular assessments to build in security. Protecting the organisation also includes backup, business continuity and disaster recovery practices. All corporate devices are centrally managed and are equipped with mobile device management software and anti-malware protection. Endpoint security alerts are monitored with continuous coverage. We use MDM software to enforce secure configuration of endpoints, such as disk encryption, screen lock configuration, and software updates.
WiseAlpha builds security controls into our software. We implement secure SDLC practices, encrypted password storage, tightly controlled and monitored access to development, testing and operational environments. Multi-factor authentication is used for all system access and for SSO and integrations we support industry standards like OpenID Connect and SAML.