Our team includes people who’ve played lead roles in designing, building and operating highly secure Internet facing systems. We have people with experience working with large and enterprise systems. Our team is the right team to ensure you have a safe place to do business online, and that you can securely and seamlessly integrate your data with your systems.
We use Google Cloud and Amazon Web Service to host our systems and data. The data centres we use all have SOC2 Type 2 reports, and provide all the physical security protection measures you would expect. Further information on the security measures taken by these cloud providers be found here:
We have an automated build process so that we update our application safely and reliably within minutes. We often deploy dozens of times a day. We can rollout security updates quickly whenever they are required.
All data sent to iStockist is encrypted in transit. Our API and application endpoints are TLS/SSL only. iStockist scores an “A” rating on SSL Labs’ tests. We only use strong cipher suites.
We use technologies such as Stackdriver to monitor our infrastructure and the iStockist application.
We use two-factor authentication whenever possible and ask our customers to enforce two factor authentication in their iStockist accounts. We discourage use of shared accounts on any system. We monitor and review which accounts can access our systems and the permissions they have regularly.
Our corporate network has no backdoors into our production systems.
We educate all staff and encourage forward-thinking discussion on security procedures and policies.
iStockist includes advanced security features to allow organizations to manage their users, customers and wholesale ecommerce data with full control. Alongside system features like active monitoring and password quality checking, organizations get self-service features like the ability to:
iStockist does not store or process payments. In fact, all credit card payments made on iStockist powered wholesale ecommerce sites goes through our partner, Stripe, using Stripe Connect. Details about their security setup and PCI compliance can be found at Stripe’s security page.