Data privacy and cloud security with Whispir
Security and the protection of privacy are of the utmost
importance to Whispir.
We continue to invest a significant
amount of time and resources to secure the Whispir
platform, customer data entrusted to us, and our operations
and network communications.
Compliance certifications
Whispir’s operational practices are embedded within
an Information Security Management System that is
both ISO/IEC-27001:2013 and ISO/IEC-27018:2019
certified. Whispir adopts a comprehensive approach
towards managing its information security program.
We ensure that appropriate measures are in place to
protect customer data and privacy.
Security attestation
Whispir has completed a detailed security
questionnaire and assessment via CyberGRX, a
leader in Third-Party Risk Management. Whispir’s
assessment was independently validated by
CyberGRX partner, KPMG. Assessment results allow
customers to gain assurance over Whispir’s
information security program at the security control
level. The assessment also provides advanced
capabilities by integrating Whispir responses with
analytics, threat intelligence, and sophisticated risk
models, based on known breach kill chains, to
provide a dynamic and in-depth view of Whispir’s
security posture.
Security affiliations
Our Security Industry Affiliates: ACSC Partner (Australian Cyber
Security Centre), OWASP, AWS.
We align and collaborate with industry leaders for security, privacy,
and compliance to ensure we are operating in parallel with
evolving industry best practices.
Report a vulnerability
We actively encourage engagement with the security research
community, our customers and the wider public to report
vulnerabilities in our products to us. Whispir recognizes those who
contribute to keeping Whispir safe.
Key features
Access control
Only a limited set of staff who demonstrate a strict need to
access Whispir data and systems are provided access. The principle of
least privilege is enforced.
Data encryption
TLS 1.2 is enforced for data in transit. AES-256 encryption is used
to encrypt data at rest. AWS capabilities are used
for managing and securing encryption keys. Your passwords are
hashed and stored securely.
Security incident response
Whispir aligns its security incident response processes to NIST
guidelines for incident handling. Our dedicated security team has
access to a combination of best-of-breed security tooling, clear
incident triaging criteria and incident playbooks to effectively
handle and coordinate a response to a security incident. The team
also has on-demand access to external expertise to augment
security incident response, coordination, and forensics
capabilities. Comprehensive logging and monitoring of our
platform and its cloud infrastructure enables quick identification
and response to potential security incidents.
Vulnerability management
Whispir maintains a comprehensive vulnerability management
program using technology and processes to effectively identify,
triage and remediate vulnerabilities and misconfigurations
according to the risk they present. This is a key aspect of our
ISO27001 certification that is independently audited. We have
best-of-breed tooling to identify software assets across our production
and end-user computing environments and conduct regular
vulnerability scanning that includes web application and host
scanning as well as static application security testing. We also
conduct penetration testing prior to significant IT changes and
maintain a Responsible Vulnerability Management Policy on our
public website that encourages researchers to disclose vulnerabilities identified in a responsible manner.
Privacy
As a global entity, Whispir has a range of different obligations in its
operating jurisdictions and commits to meeting those obligations,
including but not limited to requirements outlined in the Australian
Privacy Act 1988, the EU General Data Protection Regulation
(GDPR), the Personal Data Protection Act (2012) of Singapore,
California Consumer Privacy Act (CCPA), and the New Zealand
Privacy Act (2020). Please see our Privacy Policy and Terms of
Service.
Privacy by design
Whispir adopts the model recommended by the Office of the
Australian Information Commissioner (OAIC) for carrying out
privacy impact assessments when we build new products, services,
or implement a new process, or when we change an existing one
where personal information is involved.
Data sovereignty
Customers have the option to choose the region or territory in which
the customer's Whispir account is based. Once the customer is
homed to a specific Whispir environment, the customer's data does not
leave that jurisdiction.
Human resources security
Whispir human resource security management processes ensure
that background verification checks are performed for all
employees. All staff and, where relevant, contractors and third-
party personnel receive security awareness training on Whispir
security policies, standards and guidelines, and prevailing security
risks.