Facilities & Computer Security Policies

Last Update: 10/04/2018

Facilities, service quality & physical security systems

We are equipped with the best facilities, quality controls and certifications.

  • We have in-house offices for our staff with the best facilities, concierge services, emergency exits and all security protocols required for the safety of our staff.
  • Our staff has to sign comprehensive agreements where they are duly informed about the importance of the data they are have access to, their sensitivity, and privacy. Moreover, to prevent potential data leakages, we have IT security systems and specific procedures.
  • The company Qualtis runs extensive occupational risk prevention controls to our company, with National Accreditation CM 8/98.
  • We have an internal protocol to manage all issues related to IT security and content preservation with a strict control of the access staff has to our physical security systems.
  • Reducing the use of paper, recycling, and minimizing the consumption of energy is one of our core policies.

We have 5 dedicated servers and in-house RACK in a datacenter with the best security measures and quality protocols.

  • AENOR UNE-EN ISO 90001 Certification.
    ISO9001
  • Support and on-site assistance 24/7/365
  • Load control and balancing
  • Access supervision via identification number and fingerprint authentication to improve data protection.
  • Own rack, properly shut with key control system.
  • 100% SLA energy
  • Increased security, redundancy and resilience of the service due to easiness to configure multiple technological options.
  • DDoS mitigation
  • Multiple interconnection services

IT Security policies

We work very hard to follow the highest quality and IT security protocols in all our contents, databases, and user controls.

  • Let’s Encrypt: certificate authority that provides X.509 certificates for Transport Layer Security encryption at no charge.
  • MD5 encryption to protect all passwords and other data in our database.
  • Security control and SSL o TLS encryption for the delivery or reception of emails.
  • We perform a daily double backup (internal RACK) of our databases and files, with the subsequent encryption.
  • We perform a daily external backup with the subsequent encryption to prevent the loss of data in the event of major disaster of the RACK.
  • We have 5 dedicated in-house, high-end servers
  • Rapid Storage SSD Technology enterprise for an improved access to data and rapid management of backup copies.
  • FTP access control by IP blocks any access if the IP has not been authorized.
  • Database access control by IP blocks any access if the IP has not been authorized.
  • Spare servers connected 24 hours and server mirroring to prevent missed internet connections and service failures
  • Enhanced password system for users with access to administrative information or sensitive data.
  • Data access registry. We register all accesses to sensitive data by storing the IP, user, time, browser, and data accessed to identity potential inadequate use patterns and warn about an inappropriate use.
  • Wordfence Security.
  • Real-time Firewall Protection.
  • Real time IP Blacklist and malicious IPs Security.
  • Brute Force Protection
  • Extended PHP protection – All PHP petitions are processed by the Firewall system before being executed.
  • Whitelisting for private networks
  • Security control and scanning in case of file uploading by FTP.
  • XSS Cross Site Scripting security control
  • Directory Traversal security control
  • LFI: Local File Inclusion security control
  • SQL injection security control
  • XXE External Entity Expansion security control
  • HTML injection in inline JavaScript
  • Blockage system in case of non-identified crawlers
  • Prevention in case of users ‘/?author=N’.
  • Malware scan 3 times a day in databases, and once daily in files.

Connectivity control

  • Access control and internal server control every 5 minutes.
  • We have 15 proxies in 15 different countries and perform thorough connectivity and routing controls internationally.
  • Spamvertising check

Privacy and compliance with the GDPR

inviTRA complies with the newest Law and the General Data Protection Regulation (GDPR), applicable from 25 May 2018 across the European Union. This quality control has been audited and certified by GOVERTIS ADVISORY SERVICES, S.L. located in Av. Cortes Valencianas, 58 – 8º – 6º 46015 – Valencia.

Moreover, as an additional measure of quality control, we register all activities concerning the treatment and register of files behind the appropriate Control Authority whenever medical data (relative to medicine and health treatments) is processed.

We use own cookies and third party cookies to offer you personalized ads and gather statistical data. If you continue the navigation we understand that you accept our cookies policy.