At InnoFaith Beauty Sciences, safeguarding data is at the core of our mission. We understand the critical importance of maintaining the confidentiality, integrity, and availability of privacy-sensitive data.
ISO 27001 certified
Our ISO 27001 certification solidifies our commitment to stringent security measures across all facets of our operations. We’ve diligently implemented the ISO 27001 framework, ensuring robust controls from data handling and storage to access protocols and risk evaluations.
Underpinning our security stance is a thorough suite of policies and procedures embedded within our Information Security Management System (ISMS). This system undergoes biannual Information Security Audits, further cementing our dedication to maintaining a secure environment.
For our Sylton cloud services we have taken the following security measures:
- Latest encryption technologies – We are using the latest 128-bit and 256-bit encryption technologies which are practically unbreakable.
- End-to-end encryption – The data is encrypted not only in the cloud but also on the iPad and in transit.
- The data in the cloud is stored redundantly in three separate locations and will continue to work should any of those data centers fail.
- Pen-test and vulnerability scanning – We are using third-party security tools to scan for vulnerabilities continuously. Periodically we engage third-party security experts to perform detailed penetration tests on the Sylton application and infrastructure.
GDPR and HIPAA
We are GDPR and HIPAA compliant and apply the following measures:
- Users can choose from four separate locations to store their data: Frankfurt, North Virginia, Mumbai, or Sydney. The server nearest to our customers is set as the default.
- Incident response – For the unlikely event of a security breach, Sylton has implemented a protocol for handling these events, including escalation procedures, rapid mitigation, and post-mortem.
- Audit trail – At the request of the customer, Sylton can produce audit logs for all activity.
- DPIA – Sylton performs DPIAs (Data Protection Impact Assessments) whenever the data processing could result in a high risk to the rights and freedoms of individuals.
Permissions and Authentication
- Access to our systems and customer data is limited to authorized employees who require it for their job.
- We have strong password policies to protect access to cloud services.
- Sylton is served 100% over HTTPS.
The Human Firewall
Every year, our entire staff undergoes comprehensive Security and Awareness training sessions. Our employees participate in a recurring security awareness program, receiving multiple training sessions throughout the year. Additionally, confidentiality agreements are an integral part of every employee’s contract, further emphasizing our commitment to maintaining confidentiality and security across the board.