Data Security and Integrity
Last updated: March 2022
We understand that the security and integrity of the data our customers provide to us is paramount and a primary reason why they decide to use the Sensat suite of products and services.
Accordingly, Sensat aims to abide by the highest information security and privacy standards in order to provide peace of mind to all of its client base.
As a SaaS company, Sensat strives to meet the required security standards to protect its customer base from security vulnerabilities and puts in place security measures, policies and procedures to comply with applicable data security standards.
To this end, Sensat is both Cyber Essentials and ISO 27001:2013 certified, with more certifications to follow as the Sensat group grows.
Applicable certificates are available upon request. In addition, in certain circumstances, a summary of the latest penetration test can be made available under Sensat NDA.
For these purposes, and unless otherwise defined herein, defined terms shall have the meaning given to them in the Sensat Platform Terms.
How does Sensat handle and process Customer Materials?
- Access: Customers and their respective Users have access to the Customer Materials via the Sensat Platform. Customers can control who can view, edit, upload and download any information or data based on their applicable credentials and permissions. In addition, suitably-trained Sensat personnel handle and process Customer Materials for the purpose of providing the relevant services and ensuring Customers receive an outstanding customer and user experience.
- Transfer: Data and Customer Materials are transferred over secure HTTPS connections, with industry-standard high-grade TLS 1.2+ encryption and strong ciphers. We limit the duration of Platform sessions and will automatically log Customers and Users out of the Sensat Platform after a certain time (namely 3 days of inactivity and 7 days regardless of activity).
- Back-up: Sensat handles and processes two types of Customer Materials or data: (1) data stored in Amazon S3 (e.g. maps, point clouds, uploads, etc.) and (2) metadata relating to Customers and Users (e.g. comments, tags, markups, etc.), which is stored in a MongoDB database. Remedial mechanisms are in place in both instances in the event of accidental deletion of any such data. In addition, MongoDB is configured with continuous backups, permitting a swift restore (meeting a recovery point objective of 1 minute) to any point in time within the relevant backup window.
- Storage: Sensat hosts Customer Materials and data primarily in Amazon Web Services (“AWS”) data centers that have been certified as ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 2 compliant. AWS infrastructure services include a number of features which help protect their servers and, therefore, Customer Materials. Sensat uses AWS data centers in the eu-west-2 region (London) for both main and backup purposes (unless a different region is specifically requested by a Customer).
- Network security: The Sensat network is protected via key AWS security services and network intelligence technologies. In addition, we run extensive internal scanning as well as regular penetration tests across the Sensat Platform using a selection of advanced automated attack tools with authenticated and unauthenticated sessions, and with both active and passive scanners.
- Encryption: All communications with the Sensat UI and APIs are encrypted via industry-standard HTTPS/TLS (TLS 1.2 or higher) over public networks, which ensures that all traffic between Customers/Users and Sensat is secure during transit. No Customer Materials or data are stored on local disks; any Customer Materials uploaded to the Sensat Platform are stored on AWS in the United Kingdom (unless a different region is specifically requested by a Customer). All project and user metadata is stored in databases with encrypted disks. Only a select few Sensat personnel have access to the database for maintenance purposes.
- Software security: The Sensat Platform development life cycle includes automated checks of all software dependencies in use against all known vulnerabilities, which produce automated patches and version updates. This is also reinforced by manual code reviews.
- Segregation of customer data: The Sensat Platform stores all the assets relating to a project in a separate location. Every request to any asset for a project is signed against the authenticated user session, and protected by AWS CloudFront signed URLs and signed cookies. The request signature is only valid for a few seconds, so it cannot be replayed.
- Disaster Recovery: In the event the Sensat Platform becomes unresponsive (due to deployment or code change issues, for example), there is a rollback mechanism to restore the previous working setup. Sensat teams also run an internal post-mortem analysis to correct errors and prevent any such future occurrences. In the event of database data loss or unresponsiveness, the last backup is restored with minimal downtime.