We present here the Security Policy of our company Intelly and our iSend product.

Reliability and care for information security have always been central to our mission, and our approach rests on the pillars of Trust, Security, Compliance and Transparency.

INTRODUCTION

Our iSend product has been on the market for more than 10 years. Across those years, and the hundreds of customers we serve, we have never recorded a major security incident, which we take as evidence that our security, privacy and transparency practices are effective.

We understand that compliance with data protection regulations (LGPD/GDPR) and other applicable standards is a shared responsibility, and we are committed to that compliance across all iSend services and products.

We are also committed to sharing our expertise around regulatory compliance to help you design the best path for your business to succeed in meeting the privacy requirements of these regulations along with our services and products.

As part of our commitment to partner with you on this journey towards security, reliability, compliance and transparency, we maintain a growing list of the actions, policies and processes we adopt. They give an overview of where we stand on each of these initiatives, describe what we are doing and how we prepare, and outline a guide for the work ahead. With each new advance and each milestone reached, this documentation and the underlying set of processes will be updated and remain at your disposal.

We look forward to sharing further updates on how we can help you achieve compliance and, along the way, strengthen the protection of personal data between our companies. Together, let us make the information technology environment ever more secure.

APPLICATION SECURITY

PASSWORDS AND CREDENTIAL STORAGE

Information is processed with current security techniques in our iSend product (www.iSend.com.br), including TLS (SSL), hashed password storage and encrypted links, among others.

All servers involved in iSend products have encryption enabled, using strong cryptographic methods:

– Symmetric encryption: 256-bit keys
– Asymmetric encryption: 2048-bit RSA keys
– Cryptographic hashing algorithms (the 2048-bit figure refers to the RSA key size, not to the hash)
– TLS 1.3, with legacy support for TLS 1.1 (TLS 1.0 and 1.1 are deprecated by RFC 8996; clients should negotiate TLS 1.2 or higher, which is the default described under Transport below)

CONTEXT SEPARATION

All product modules restrict the source and destination of data traffic, protecting the internal layers of the application from improper access. Our environments are segregated into VPCs (virtual networks) and subnets, and each subnet is guarded by security groups (Azure network security groups) whose rules allow only specific origins.

APPLICATION

Every user of the solution has a unique identity that is not shared with other users. The password composition rules and validity period are configurable by the customer, and passwords are stored only as cryptographic hashes protected from unauthorized access.

All application communication interfaces are authenticated using a secure method and protocol: we use HTTPS, with access control and permissions managed in the application backend.

The access-profile mechanism allows different access profiles to be created and assigned for each entity.

We have mechanisms that enable the creation of identity authorization rules and access profiles based on the following attributes:

– Who (identity or access profile)
– What (actions you will perform)
– When (in what time period actions are allowed)
– Where from (origins that are authoritative)
– Which (to which destinations or objects the rule will apply)
– Action (allow or deny access)

All products are accessed by registered users whose profiles are parameterized by the customer's administrator user. There is no external access from other applications, except through the APIs documented in the product and referenced in this policy.

We keep traceability of the actions performed by users: the main requests and actions made through the interface are recorded.

Access control is granular per user and follows the principle of least privilege: every access is denied by default unless explicitly allowed, registered and validated. When a user is created (automatically or by an operator) it starts with the minimum privileges for the product features in question; the only exception is the customer's administrator users. Any additional privilege must be granted explicitly and granularly.
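The rule attributes listed above (who, what, when, where from, which, action) together with the deny-by-default behaviour can be expressed as a small evaluator. The following is an added illustration written for this page, not iSend code; the profile names, object namespaces, time window and source networks in the sample policy are assumptions, and explicit deny rules are given priority over allow rules, which the page does not specify.

```python
"""Deny-by-default access rule evaluator (added illustration, not iSend code)."""
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    who: frozenset                    # identities or access profiles
    what: frozenset                   # actions the rule covers
    which: frozenset                  # destination objects ("campaign:*", "*")
    action: str                       # "allow" or "deny"
    when: tuple = (time(0, 0), time(23, 59, 59))      # permitted window (assumed UTC)
    where_from: frozenset = frozenset({"0.0.0.0/0"})  # permitted source networks


@dataclass(frozen=True)
class Request:
    subject: str
    profiles: frozenset
    action: str
    target: str
    at: time
    source_ip: str


def _target_matches(pattern: str, target: str) -> bool:
    """'*' matches anything; 'ns:*' matches every object in that namespace."""
    if pattern == "*" or pattern == target:
        return True
    return pattern.endswith(":*") and target.startswith(pattern[:-1])


def _applies(rule: Rule, req: Request) -> bool:
    """A rule applies only when all six attributes match the request."""
    if not (({req.subject} | req.profiles) & rule.who):
        return False
    if req.action not in rule.what:
        return False
    if not any(_target_matches(p, req.target) for p in rule.which):
        return False
    start, end = rule.when
    if not start <= req.at <= end:
        return False
    src = ip_address(req.source_ip)
    return any(src in ip_network(net) for net in rule.where_from)


def decide(policy, req: Request) -> str:
    """Explicit deny wins; an allow needs a matching rule; no match means deny."""
    applicable = [r for r in policy if _applies(r, req)]
    if any(r.action == "deny" for r in applicable):
        return "deny"
    if any(r.action == "allow" for r in applicable):
        return "allow"
    return "deny"


# Constructed sample policy; profile names and namespaces are assumptions.
SAMPLE_POLICY = (
    Rule(who=frozenset({"operator"}), what=frozenset({"read", "send"}),
         which=frozenset({"campaign:*"}), action="allow",
         when=(time(8, 0), time(18, 0)), where_from=frozenset({"10.0.0.0/8"})),
    Rule(who=frozenset({"admin"}), what=frozenset({"read", "send", "delete"}),
         which=frozenset({"*"}), action="allow"),
    Rule(who=frozenset({"operator", "admin"}), what=frozenset({"delete"}),
         which=frozenset({"audit:*"}), action="deny"),
)


def demo() -> dict:
    """Scenarios a reviewer would check; returns the decision for each."""
    def req(subject, profiles, action, target, at, ip):
        return Request(subject, frozenset(profiles), action, target, at, ip)

    return {
        "operator_in_window": decide(SAMPLE_POLICY, req("u1", {"operator"}, "read", "campaign:42", time(10, 0), "10.1.2.3")),
        "operator_after_hours": decide(SAMPLE_POLICY, req("u1", {"operator"}, "read", "campaign:42", time(22, 0), "10.1.2.3")),
        "operator_wrong_origin": decide(SAMPLE_POLICY, req("u1", {"operator"}, "read", "campaign:42", time(10, 0), "203.0.113.5")),
        "operator_delete": decide(SAMPLE_POLICY, req("u1", {"operator"}, "delete", "campaign:42", time(10, 0), "10.1.2.3")),
        "admin_delete_audit": decide(SAMPLE_POLICY, req("u2", {"admin"}, "delete", "audit:7", time(10, 0), "10.1.2.3")),
        "new_user_no_profile": decide(SAMPLE_POLICY, req("u3", set(), "read", "campaign:42", time(10, 0), "10.1.2.3")),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The last scenario is the one that matters for least privilege: a freshly created user with no profile matches no rule and is denied without any rule having to say so.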

Our applications handle all errors and exceptions securely, without leaking sensitive data to the user. Error messages are standardized and reveal no data or source code; only a message and an error code are returned.

The products include a code layer that sanitizes sensitive data according to the caller's permissions before anything is sent to an external party or to the front-end.

Database access uses parameterized queries. Application servers reach the database over a private subnet; any other access is allowed only from the company's IP addresses over an encrypted channel.
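The difference between a parameterized query and one built by string concatenation is easiest to see on a tenant-scoped lookup, since the failure mode is exactly the cross-context data exposure the API section below rules out. The following is an added example written for this page, not iSend code; the in-memory SQLite table, its rows and the tenant column are constructed for the demo.

```python
"""Parameterized versus concatenated SQL (added illustration, not iSend code)."""
import sqlite3


def _fresh_db() -> sqlite3.Connection:
    """Constructed sample data: two tenants sharing one table (an assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, tenant TEXT)")
    conn.executemany(
        "INSERT INTO users (email, tenant) VALUES (?, ?)",
        [("alice@example.com", "acme"),
         ("bob@example.com", "acme"),
         ("eve@example.com", "other")],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, tenant: str, email: str) -> list:
    """Vulnerable: caller input is spliced into the SQL text."""
    sql = f"SELECT email FROM users WHERE tenant = '{tenant}' AND email = '{email}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn: sqlite3.Connection, tenant: str, email: str) -> list:
    """Parameterized: input travels as bound values, never as SQL syntax."""
    sql = "SELECT email FROM users WHERE tenant = ? AND email = ?"
    return [row[0] for row in conn.execute(sql, (tenant, email))]


def demo() -> dict:
    """Run the same injection payload through both lookups."""
    conn = _fresh_db()
    payload = "x' OR '1'='1"   # turns the WHERE clause into ... OR '1'='1'
    return {
        "unsafe": lookup_unsafe(conn, "acme", payload),        # leaks every tenant
        "safe": lookup_safe(conn, "acme", payload),            # matches nothing
        "safe_legit": lookup_safe(conn, "acme", "alice@example.com"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the concatenated version the payload rewrites the predicate to `(tenant = 'acme' AND email = 'x') OR '1'='1'`, which returns the row from the other tenant as well; the bound parameter compares the literal string and returns nothing.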

INFORMATION LIFE CYCLE

Our products have secure mechanisms for managing the whole information life cycle: production, receipt, use, reproduction, transport, transmission, distribution, destination, archiving and disposal.

– Handling: Information is handled only by authorized users registered in the products.
– Storage: All information transmitted or handled on the platform is stored securely. Access to the database and servers is controlled and never exposed directly to the Internet. Data is segregated at the application level and environments are segregated at the network level (VPCs and their subnets), giving a secure infrastructure for storing information.
– Transport: Information flows through the platform encrypted; we adopt TLS v1.2 or higher (with a valid certificate) by default for both sender and receiver. Partners that integrate with us must use the same encryption, so that the whole environment is protected.
– Disposal: All actions performed on the platform, as well as other static files, are retained for at most 1,095 days (3 years).

WEB-SERVICES/APIs

Data produced by a user in a system integrated with iSend is visible only within that integration and context.

Our Web-Services/APIs follow the SOAP standard and feature:

– Access limits per time interval (rate limiting)
– Sensitive information such as passwords, tokens and API keys never appears in the URI; it is transmitted in headers or in the HTTP request body
– The recommended security HTTP headers are included in API responses
– Audit logs are written before and after security events (e.g., authentication failures, token validation errors) and every call made through the API is logged
– Our Web-Services/APIs report the cause of an error without revealing its details (e.g., stack traces, application paths and variables)
– We expose our Web-Services/APIs externally only for business needs, and we do not maintain public access pages for these services
– For response parameters, our applications include a code layer that sanitizes sensitive data according to the caller's permissions before anything is sent to an external party or the front-end
– Every API request and response carries an explicitly declared Content-Type header
– The services validate all information received from external sources (users or other applications): every parameter and object goes through content and schema verification
– All service calls are authenticated with session tokens
– Session tokens are obtained through authentication (who?) and authorization (what, how, where and when?), are generated from user credentials and carry a finite validity (TTL) of 24 hours
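A session token with a finite validity has to be checked for both integrity and expiry on every call, and the check must reject a tampered or expired token before anything else is trusted. The following is an added illustration written for this page, not iSend's token format (the page does not describe one): it uses an HMAC-SHA256 signed body with an `exp` claim; the key, the claim names and the fixed clock value used in the demo are assumptions.

```python
"""HMAC-signed session token with a 24 h TTL (added illustration, not iSend code)."""
import base64
import hashlib
import hmac
import json
import time

TTL_SECONDS = 24 * 3600  # the policy states a 24 h validity


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(key: bytes, subject: str, scopes, now: float = None) -> str:
    """Bind identity (who) and granted scopes (what) to an issue/expiry time."""
    now = time.time() if now is None else now
    claims = {"sub": subject, "scp": sorted(scopes), "iat": int(now), "exp": int(now) + TTL_SECONDS}
    body = _b64(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    sig = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_token(key: bytes, token: str, now: float = None):
    """Return the claims if signature and expiry check out, otherwise None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    expected = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(expected, sig):   # constant-time comparison first
        return None
    try:
        claims = json.loads(_unb64(body))
    except (ValueError, UnicodeDecodeError):
        return None
    if now >= claims.get("exp", 0):              # expired tokens are rejected
        return None
    return claims


def demo() -> dict:
    """Fresh, expired, tampered and wrong-key tokens against a fixed clock."""
    key = b"demo-secret-key-do-not-use"   # assumed; a real key comes from a secret store
    t0 = 1_700_000_000                    # fixed clock so the demo is deterministic
    tok = issue_token(key, "user-17", {"campaign:read"}, now=t0)
    tampered = tok[:-1] + ("A" if tok[-1] != "A" else "B")
    return {
        "fresh": verify_token(key, tok, now=t0 + 3600) is not None,
        "expired": verify_token(key, tok, now=t0 + TTL_SECONDS) is None,
        "tampered": verify_token(key, tampered, now=t0 + 10) is None,
        "wrong_key": verify_token(b"other-key", tok, now=t0 + 10) is None,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ok' if ok else 'FAILED'}")
```

The token belongs in an `Authorization` header or the request body, as the list above requires; placing it in the URI would leave it in access logs and browser history.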

INFRASTRUCTURE SECURITY

DATA HOSTING AND STORAGE

The applications and data of iSend products are stored on Microsoft Azure servers in the Brazil Southeast region; message-sending servers are distributed between Microsoft Azure Brazil Southeast and Amazon Web Services (AWS) in the sa-east-1 region (São Paulo, Brazil).

These providers' data centres are certified against a broad set of standards, including ISO 27001, ISO 27017, ISO 27018, ISO 27701, ISO 20000-1, PCI DSS Level 1, HIPAA, SOC 1, SOC 2, SOC 3, Tier 3 and CSA STAR (Cloud Security Alliance), among others. Those certifications cover the provider's infrastructure; compliance of the iSend application layer remains a shared responsibility between us and our customers, as stated in the introduction.

To learn more about the compliance programmes we rely on, see the providers' own documentation:

– Microsoft Azure compliance offerings
– AWS compliance programs

Details of physical infrastructure and facilities are likewise available in the providers' data centre documentation.

SEGREGATION OF ARCHITECTURE

We segregate the different layers of the application architecture (e.g., web, application, database, backup, monitoring), and traffic between the layers is controlled by a traffic filter.

VULNERABILITIES AND SCANS

All elements of the applications support vulnerability scans to identify weaknesses that have not yet been mitigated. Our infrastructure can be scanned remotely (Microsoft Azure and Amazon AWS instances) or locally (code, containers, etc.). We perform static analysis of our application code in Bitbucket.

Bitbucket is also our version-control platform; it connects to the container environment and performs a complete scan of our infrastructure.

We also follow market best practice in both technology and internal processes, and in more than 20 years as a company we have not had a single incident of information leakage or compromise of customer assets.

VIRTUAL PRIVATE NETWORK

All of our servers sit in our own virtual private cloud (VPC), with access controls that prevent unauthorized requests from reaching this internal network.

We use good practices for communication with our production servers.

We administer the environment through jump servers. Remote access is over SSH, gated by port knocking and authenticated with public/private key pairs; username/password login is disabled and the root user is not permitted to log in. Port knocking only reduces exposure of the port; key-only authentication is the control that actually protects the session.
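The three settings above (no password login, no root login, key authentication) are easy to state and easy to get wrong in a long-lived `sshd_config`, because for most keywords sshd uses the first value it reads and ignores later duplicates. The following is an added check written for this page, not iSend's configuration: it parses a constructed `sshd_config` text, applies the first-occurrence rule, ignores `Match` blocks, falls back to OpenSSH's compiled-in defaults for absent keywords, and reports violations.

```python
"""Audit an sshd_config for the jump-server rules (added illustration, not iSend code).

sshd_config(5): "for each keyword, the first obtained value will be used".
Match blocks are skipped because their settings are conditional.
"""

# Values the policy requires, by lower-cased keyword (assumed mapping of the policy text)
EXPECTED = {
    "permitrootlogin": {"no"},
    "passwordauthentication": {"no"},
    "pubkeyauthentication": {"yes"},
    "kbdinteractiveauthentication": {"no"},   # formerly ChallengeResponseAuthentication
}

# OpenSSH compiled-in defaults that apply when a keyword is absent
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
}


def effective_settings(config_text: str) -> dict:
    """Return keyword -> first value seen, ignoring comments and Match blocks."""
    settings = {}
    in_match = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)   # "Key value" or "Key=value"
        key = parts[0].lower()
        if key == "match":
            in_match = True        # everything until EOF is conditional here
            continue
        if in_match:
            continue
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        settings.setdefault(key, value)                     # first occurrence wins
    return settings


def audit(config_text: str) -> list:
    """Return (keyword, effective_value) pairs that violate EXPECTED."""
    effective = effective_settings(config_text)
    findings = []
    for key, allowed in EXPECTED.items():
        value = effective.get(key, DEFAULTS[key])
        if value not in allowed:
            findings.append((key, value))
    return findings


# Constructed sample: the hardening line was appended after a permissive one.
SAMPLE_CONFIG = """\
# constructed sample, not a real host
Port 22
PasswordAuthentication yes
PermitRootLogin no
PubkeyAuthentication yes
# appended later; sshd keeps the first value above, so this line is inert
PasswordAuthentication no
Match User backup
    PasswordAuthentication no
"""

HARDENED_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    print("sample:", audit(SAMPLE_CONFIG))
    print("hardened:", audit(HARDENED_CONFIG))
```

On the sample the audit flags `passwordauthentication yes` (the first value wins) and `kbdinteractiveauthentication yes` (absent, so the default applies); the hardened file passes. On a live host `sshd -T` prints the effective configuration and is the authoritative source for the same check.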

CONTINGENCY, BACKUP AND MONITORING PLAN

All our products have a contingency plan covering both technical and operational issues.

The core infrastructure of the products is hosted in Microsoft Azure Brazil Southeast, with replication in Microsoft Azure Brazil South.

For the messaging functions (e-mail, SMS, voice) we scale across servers hosted on both Amazon (AWS) and Microsoft Azure, so that we do not depend on a single supplier.

We have redundancy in the supply of SMS and voice, with more than one supplier per message channel, and for the e-mail channel through our own solution.

All products, applications, databases and content are backed up automatically every day and replicated between the data centres, with end-to-end versioning and encryption.

Our in-house specialized team actively monitors the infrastructure (physical, network, deliverability and more) to detect anomalies, using systems and tools such as Zabbix and tracking several KPIs for the area.

ANTI-DDOS PROTECTION

We have mechanisms to identify and defend against layer 3 (network protocol) denial-of-service attacks and to detect traffic anomalies.

Controls exist in our VPC (security groups) and at layer 7 (application), with request throttling and anomaly detection raising alarms via Zabbix.

We also benefit from the standard Azure DDoS protections that apply to the hosting environment.

TRAFFIC FILTER

Our solutions use real-time stateful traffic filtering with pre-established and customizable rules based on source, destination, protocol, port, application and other attributes. For this we use Microsoft Azure network security groups.

AUTHENTICATION AND AUTHORIZATION

Only employees with the proper credentials and responsibilities, as defined by our unit managers, have access to the infrastructure.

These employees access the infrastructure using two-factor authentication (2FA) on their accounts.

Each employee has access only to what is necessary to perform their tasks.

iSend platform access: We offer at least three multi-factor authentication methods on our platforms (e-mail, SMS and Microsoft Authenticator), and every user access is authenticated with one of them. Access without multi-factor authentication is not allowed.

CRYPTOGRAPHY

Information is processed with current cryptographic techniques in the iSend product (www.iSend.com.br), covering TLS (SSL), hashed password storage and encrypted links; the specific algorithms are listed under Passwords and Credential Storage above.

TRANSIT

Our application endpoints and APIs protect data in transit with TLS 1.3 tunnels and the TLS/SSL security policies recommended by Microsoft Azure.

REST

Data travels over HTTPS and, like stored files, is encrypted at rest with AES-256.

RISK MATRIX

Intelly's Risk Matrix is the tool we use to identify, assess, prioritize and mitigate the risks associated with our operations, technologies and activities. Its purpose is to ensure SECURITY, REGULATORY COMPLIANCE and CONTINUITY OF OPERATIONS, helping to prevent incidents and protect valuable assets.

In addition, it supports informed decision-making, ensures compliance with legal requirements, and fosters a culture of continuous improvement, adapting to new threats and challenges.

Our risk matrix is critical to protecting our company and our customers’ data from potential threats and ensuring its resilience and sustainability.

We work with the following topics in our actions:

1. RISK IDENTIFICATION
2. RISK ANALYSIS
3. RISK TREATMENT
4. MONITORING AND REVIEW
5. RISK MANAGEMENT POLICY

For each identified risk the matrix records mitigating actions weighted by impact and probability. To learn more, contact dpo@intelly.com.br or our call centre.

SECURITY INCIDENTS

At Intelly and in our iSend product, data security is our top priority, and we are committed to full compliance with the Brazilian General Data Protection Law (LGPD) and the GDPR. In the event of a security incident, we take the following measures:

– COMMUNICATION AND TRANSPARENCY: As required by current legislation, we notify our client in a timely manner and, where applicable, the National Data Protection Authority (ANPD). We then notify the affected data subjects, informing them of the measures taken and the actions needed to jointly restore the security of their data.

– USER COLLABORATION: Security is a shared responsibility. If you identify or suspect a security incident involving our company and the iSend family of products, please inform us immediately by emailing: dpo@intelly.com.br or through our Service Center.

– INTERNAL SECURITY MEASURES: All Intelly employees are trained in information security practices, so that they are prepared to act effectively in the event of an incident.

– INCIDENT RESPONSE PLAN: We maintain processes and response plans for information security incidents. As soon as an incident is confirmed, our teams apply the prepared protocols and processes to mitigate it as quickly as possible.

SOFTWARE INVENTORY

We maintain an inventory, reviewed every six months, of the software authorized for use by Intelly employees.

Using the OCS Inventory tool, we check that this software is still updated and maintained by its manufacturer, keeping our computers safe at all times.

All libraries, dependencies and frameworks are downloaded from trusted sources, inventoried, and kept updated so that they carry no publicly known vulnerabilities.

HARDWARE INVENTORY

We maintain an inventory of all devices used at Intelly, with their attributes and the employee or department responsible for each.

SECURE DEVELOPMENT

We have developed iSend in-house since its inception, and over the years our team has adopted standards, market best practices and development environments designed to deliver secure and consistent code. We work on the following fronts:

SYSTEMS DEVELOPMENT METHODOLOGY

Intelly's Systems Development Center (NDS), which is responsible for developing the iSend products, applies tested and certified methodologies to the development of information systems.

The center always acts with the following basic goal:
“To define, develop, implement and improve the best practices used in Software Development, thus supporting all the company’s Business Lines.”

(CMMi | IRUP | ISO) From a study of the main systems development methodologies, Intelly arrived at its own development standard, summarized as follows:

[Figure: nds-metodologias]

Every technological artifact is developed using the practices and methodologies listed, with a strong focus on the project management methodology, and always respecting the development cycles established in the figure below:

[Figure: nds-ciclo]

Below is a breakdown of the methodology with regard to the flows of interactions:

[Figure: nds-metodologia-det]

CODE CONTROLS

All elements of the applications are covered by controls against malicious code (anti-malware, IPS, firewall, etc.), and the code itself is checked with Bitbucket's static analysis. Code scanning runs during every build and is a mandatory gate before code reaches production.

HOMOLOGATION/CODE REVIEW

Before code written by a developer is considered production-ready, it must be reviewed and approved by at least one other member of the development team.

DEPLOY

Only signed code can be submitted to our code repositories, which establishes its authorship.

UPGRADES AND MAINTENANCE

To mitigate vulnerabilities arising from outdated software, we apply operating system updates and patches periodically, at least every 3 months.

Updates to iSend products occur monthly.

SEGREGATION OF ENVIRONMENTS

No production data is used in the development or testing (homologation) of our products.

The production and development environments are fully separated, even across vendors: production is hosted on Microsoft Azure, while development is hosted on Amazon (AWS) and fully replicated in the physical infrastructure of our unit in Porto Alegre/RS.

PREPRODUCTION

Every production deployment passes through two stages of validation:

– STEP 1: All artifacts produced for a release are made available in our iSend Labs environment, a beta-test/pre-production environment used by a reduced set of customers and business partners who help improve the product.

– STEP 2: After the artifacts have been in iSend Labs for 15 days on average, and if no negative conditions have arisen, they are released to the production environment for all customers.

PROJECT MANAGEMENT METHODOLOGY

The entire scope of our projects is managed according to the methodology of the PMI (Project Management Institute), which is adopted internationally and recognized as an ANSI standard for project management. This supports the quality of the services provided and helps ensure that the final product meets the project requirements and the needs behind them.

CLEAN TABLE AND SCREEN POLICY

The clean desk and clean screen policy is an information security practice applied in our workplaces to avoid exposing information, sensitive or otherwise, and to prevent data compromise.

To reduce unauthorized access, loss or damage to information during and outside office hours, we ask all employees to keep a clean desk for every kind of information and, equally, a clean screen, against the risk of an unattended session left logged in.

These protection measures are part of our daily routine and exist to avert security incidents, data leaks and other problems that could harm those we serve.

To this end, we have adopted the minimum measures of (but not limited to):

– Keep the work environment organized, both physical and digital
– Keep the physical desk and especially the digital desktop clear of information, to reduce the chance of losing important data
– Store sensitive information only in secure locations
– Maintain a professional image at work, whether with the team, customers or visitors
– Shred sensitive documents when they are discarded
– Prefer electronic documents
– Print documents only when necessary
– Never leave sensitive documents on printers
– Lock every machine with a password whenever its operator is away
– Empty physical and digital waste bins periodically

Date of last revision of this policy: 16.08.24