Security
Product security
Permissions
Different permission levels can be set for your teammates within Property Inspect. Permissions can be set based on the role type the user needs.
Password and Credential Storage
Property Inspect user credentials are stored using a password-based key derivation function (bcrypt).
Uptime
We have uptime of 99.9% or higher.
Network and application security
Data Hosting and Storage
Property Inspect services and data are hosted in Amazon Web Services (AWS) facilities (eu-west-1) in Ireland.
Property Inspect passes the AWS Foundational Security Best Practices v1.0.0 and CIS AWS Foundations Benchmark v1.2.0. The Center for Internet Security (CIS) AWS Foundations Benchmark v1.2.0 is a set of security configuration best practices for AWS. The AWS Foundational Security Best Practices standard is a set of automated security checks that detect when AWS accounts and deployed resources do not align with security best practices. The standard is defined by AWS security experts.
Failover and DR
Property Inspect was built with disaster recovery in mind. All of our infrastructure and data are spread across 3 AWS availability zones and will continue to work should any one of those data centres fail.
Databases are set up across availability zones and also have read replicas with 15-minute point-in-time recovery.
Virtual Private Cloud
All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests getting to our internal network.
Web Application Firewall
All Web and API traffic is routed through an Application Load Balancer using AWS WAF.
WAF monitors all web requests to protect our application and API from common web exploits and attacks and to mitigate DDoS attacks.
Back Ups and Monitoring
On an application level, we produce audit logs for all activity, ship logs to Papertrail for analysis and use S3 for archival purposes. All actions taken on production consoles or in the Property Inspect application are logged.
Our Web Application Firewall logs are streamed into AWS Kinesis Firehose for processing and analysis.
All code is stored and maintained with a distributed version control system which has built-in tools to scan for any malicious code every time something is committed to the repository.
Databases can be restored in 15-minute periods, and AWS stores backups for 30 days. Encrypted database backups are also regularly and securely backed up off site.
All images / videos are stored in AWS S3 with versioning enabled and also backed up hourly to Google Cloud Storage.
We use the Alertra service to monitor accessibility issues with our application across the world.
Permissions and Authentication
Access to customer data is limited to authorized employees who require it for their job. Property Inspect is served 100% over HTTPS. Property Inspect runs a zero-trust corporate network. There are no corporate resources or additional privileges from being on the Property Inspect network. We have SAML Single Sign-on (SSO), 2-factor authentication (2FA), and strong password policies on GitHub, Google, AWS, Postmark, Intercom and Property Inspect Admin to ensure access to cloud services is protected.
Encryption
All data sent to or from Property Inspect is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS/SSL only and score an “A+” rating on Qualys SSL Labs' tests. This means we only use strong cipher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled. We also encrypt data at rest using an industry-standard AES-256 encryption algorithm.
Vulnerabilities
Property Inspect uses AWS's set of security tools to continuously scan for vulnerabilities and uses AWS Security Hub to maintain AWS security best practices. Our dedicated security team responds to issues raised.
Automatic code deployments happen on a regular basis, which reduces the risk of any malicious code running for long periods of time if it somehow did get onto a server.
Incident Response
Property Inspect implements a protocol for handling security events which includes escalation procedures, rapid mitigation and post mortem. All employees are informed of our policies.
Additional Security features
Policies
Property Inspect has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
Confidentiality
All employee contracts include a confidentiality agreement.
PCI Obligations
All payments made to Property Inspect go through our partner, Stripe. Details about their security setup and PCI compliance can be found at Stripe’s security page.
Emails
All system emails are sent via a third-party application called Postmark. Postmark is responsible for sending emails and ensuring deliverability is at its best.