Certified Medical Magazine by WMA, ACSA, HON
Facilities & Computer Security Policies
7
0

Facilities & Computer Security Policies

Last Update: 10/28/2020

EUREKA FERTILITY (inviTRA) provides measures to maximize computer security and protect user data as detailed below.

Facilities, service quality & physical security systems

We are equipped with the best facilities, quality controls and certifications.

  • We have in-house offices for our staff with the best facilities, concierge services, emergency exits and all security protocols required for the safety of our staff.
  • Our staff has to sign comprehensive agreements where they are duly informed about the importance of the data they are have access to, their sensitivity, and privacy. Moreover, to prevent potential data leakages, we have IT security systems and specific procedures.
  • The company Qualtis runs extensive occupational risk prevention controls to our company, with National Accreditation CM 8/98.
  • We have an internal protocol to manage all issues related to IT security and content preservation with a strict control of the access staff has to our physical security systems.
  • Reducing the use of paper, recycling, and minimizing the consumption of energy is one of our core policies.

We have 5 dedicated servers and in-house RACK with the best security measures and quality protocols.

  • NIXVAL NEUTRAL INTERNET
  • AENOR UNE-EN ISO 90001 Certification.
  • Support and on-site assistance 24/7/365
  • Load control and balancing
  • Access supervision via identification number and fingerprint authentication to improve data protection.
  • Own rack, properly shut with key control system.
  • 100% SLA energy
  • Increased security, redundancy and resilience of the service due to easiness to configure multiple technological options.
  • DDoS mitigation
  • Multiple interconnection services

IT Security policies

We work very hard to follow the highest quality and IT security protocols in all our contents, databases, and user controls.

  • Comodo SSL is a standard security protocol which establishes encrypted links between a web server and a browser.
  • MD5 encryption to protect all passwords and other data in our database.
  • Security control and SSL o TLS encryption for the delivery or reception of emails.
  • We perform a daily double backup (internal RACK) of our databases and files, with the subsequent encryption.
  • We perform a daily external backup with the subsequent encryption to prevent the loss of data in the event of major disaster of the RACK.
  • We have 5 dedicated in-house, high-end servers
  • Rapid Storage SSD Technology enterprise for an improved access to data and rapid management of backup copies.
  • FTP access control by IP blocks any access if the IP has not been authorized.
  • Database access control by IP blocks any access if the IP has not been authorized.
  • Spare servers connected 24 hours and server mirroring to prevent missed internet connections and service failures
  • Enhanced password system for users with access to administrative information or sensitive data.
  • Data access registry. We register all accesses to sensitive data by storing the IP, user, time, browser, and data accessed to identity potential inadequate use patterns and warn about an inappropriate use.
  • Wordfence Security.
  • Real-time Firewall Protection.
  • Real time IP Blacklist and malicious IPs Security.
  • Brute Force Protection
  • Extended PHP protection – All PHP petitions are processed by the Firewall system before being executed.
  • Whitelisting for private networks
  • Security control and scanning in case of file uploading by FTP.
  • XSS Cross Site Scripting security control
  • Directory Traversal security control
  • LFI: Local File Inclusion security control
  • SQL injection security control
  • XXE External Entity Expansion security control
  • HTML injection in inline JavaScript
  • Blockage system in case of non-identified crawlers
  • Prevention in case of users ‘/?author=N’.
  • Malware scan 3 times a day in databases, and once daily in files.
  • LSCache System

Connectivity control

  • Access control and internal server control every 5 minutes.
  • We have 15 proxies in 15 different countries and perform thorough connectivity and routing controls internationally.
  • Spamvertising check