Security & Resilience

For extra peace of mind

Whispir is provided as a fully-hosted and managed service in the cloud. The platform operates independently from everyday systems via our internationally-distributed infrastructure. And because Whispir is developed and managed in-house, ongoing specialist support is always available.

For added security and resilience, we use:
  • multiple data centres that are geographically separated
  • fully redundant and scalable hardware components
  • multiple delivery paths for data and communications
  • multiple independent carrier connections
  • high-volume messaging capacity
  • advanced system monitoring.

How your data is protected

Secure connections

All connections to Whispir are secured via SSL/TLS. Any attempt to connect over HTTP is redirected to HTTPS.

Application security

We use secure development best practices that integrate security reviews throughout design, prototype, and deployment.

Customer data protection

All data is classified as confidential and treated as such. Sensitive production data is obfuscated as soon as it leaves the production network.

Back-ups for business continuity

Your data is continuously replicated between our data centres at approximately 5-minute intervals. We undertake partial and full backups multiple times per day, protected with strong encryption on disk. Backups are held for 7 years.

Hardened operating system

Whispir runs on hardened Linux servers. Externally exposed critical patches are addressed within 24 hours.

Data centre security

Whispir's multiple, off-site data centres provide 24x7x365 video surveillance, strict photo and/or biometric ID, personnel access controls and detailed visitor entry logs.

Internal and third-party testing

Whispir runs periodic internal and external vulnerability scans and penetration tests. Third-party firms are utilised to perform in-depth security reviews.

Strict separation between application and data

Our web application servers are physically and logically separated from servers that store customer data.

Additional security tools

Password policies

Administrative controls allow the definition of password policies for length, expiry and complexity to mirror your corporate password policies.

Logical firewall

You can choose to restrict access to a specified IP range so that your network is only accessible at designated physical locations or through your organisation’s VPN.

Contact management

Whispir supports secure contact data integration with a range of third party systems such as SAP and Peoplesoft.

Cross border data flows

Data centres in United States, Singapore, Australia and New Zealand

To enable organisation to hold confidential data within their preferred environments and reduce data flows between countries, Whispir has two data centres in each of these locations.

ISO 27001 Certified

Whispir is certified under ISO 27001 - the global standard for information security management systems (ISMS). We are audited regularly in accordance with the standard by the British Standards Institute (BSI).