Your Data Is Safe With Us

Security
You are here:
  1. Home
  2. Security

Dedicated to data safety and integrity, we work on the guiding principle of opt-in consent and complete transparency. Our secure processes and technology implementations always function on the fundamental premise of regulatory compliance when we access, store or use member data.

Privacy

We do not sell your personal information to or share it with unaffiliated third parties for their advertising or marketing purposes without your consent.

Cloud infrastructure

DWF whistle blower is hosted on a Virtual Private Cloud on Amazon Web Services, a secure and scalable technology platform that ensures secure and reliable services.

Perimeter security

  • We deploy Defence in Depth Architecture using a network firewall, web application firewall and DDOS protection layer. 
  • Our infrastructure is compliant with AWS Well Architected Framework and incorporates practices from the AWS Cloud Adoption Framework from the security perspective
  • Our 3 tier architecture incorporates best practices from various standards and certifications
  • We maintain strict network segmentation and isolation of environments and service

Host security

  • We use industry-leading solutions around anti-virus, anti-malware, intrusion prevention systems, intrusion detection systems, application control, application and audit log aggregation and automated patching
  • All our servers are launched using  the Center for Internet Security Benchmarks for Amazon Linux

Data Security

  • We employ separation of environments and segregation of duties and have strict role-based access control on a documented, authorized, need-to-use basis
  • We use key management services to restrict access to data except the data team
  • Stored data is protected by encryption at rest and sensitive data by application level encryption
  • We use data replication for data resiliency, snapshotting for data durability and backup/restore testing for data reliability.

Incident and Change Management

  • We have deployed mature processes around Change Management which enables us to release thoroughly tested features for you reliably and securely so that you enjoy the  DWF Whistle Blower experience with maximum assurance
  • We have a very aggressive stance on Incident Management on Systems downtime as well as Security and our Network Operations Center and Information Security Management System swiftly reacts, remediates or escalates incidents arising out of planned or unplanned changes.

Vulnerability Assessment and Penetration Testing

  • We have an in-house network security team that uses industry-leading products to conduct manual and automated VA/PT activities
  • We employ both static application security testing and dynamic application security testing which is incorporated into our continuous integration / continuous deployment pipeline
  • DWF commissions an independent 3rd party auditor who goes through the system & application and highlights any security issues. These security issues are fixed and auditors re-verify them.