
Security and Compliance
Our security practices
SPARETECH pursues a layered security approach. Our team continues to make investments so you can use SPARETECH with confidence.
- Access monitoring: SPARETECH tracks user activity on important production systems. This includes keeping records of when people log in (successful or failed attempts), what applications they use, and any changes made by administrators or to the system. Logs are ingested into our solution for automated logging/alerting capabilities.
- Backups enabled: We back up all customer and system data at least every day. These backups are protected with encryption and we constantly monitor them to ensure they're working properly.
- Data deletion: Upon termination of contract, customer data is deleted within 60 days, or upon explicit request.
- Encryption at rest: Customer data is encrypted at rest. This includes databases and backups.
- Encryption in transit: Data in transit between the customer's browser and the SPARETECH application is encrypted using TLS 1.2+.
- Physical security: Our application runs on Amazon Web Services (AWS) data centers. AWS handles all physical security for their facilities. You can learn more about the AWS security measures here.
- Logging and Monitoring: All of our production systems have logs and monitoring. We review both daily, and in addition we generate automatic alerts on anomalies. We use an incident response process to respond to alerts.
- Security Patches: We regularly check our systems and products for security weaknesses. When we find problems, we fix them based on their criticality.
- Employee training: Security training is required during the employee/contractor onboarding process, and annually thereafter. Employees must also read and acknowledge SPARETECH’s Code of Conduct and the Information Security policy.
- Incident response: SPARETECH has an incident management plan which contains steps for preparation, identification, containment, investigation, eradication, recovery, and follow-up/postmortem. The plan is reviewed and tested at least annually.
- Disk Encryption: Employee laptops have disk encryption enabled for protection.
- Mobile Device Management: Our organization leverages mobile device management to ensure uniform application of security measures across all company devices.
- Threat Detection: SPARETECH utilizes third-party protection software for dedicated threat detection. The software detects intrusions, malware, and malicious activities. It assists in rapid response to eliminate and mitigate the threats.
- Anti-DDoS: SPARETECH leverages third-party applications for DDoS protection.
- Data residency: SPARETECH uses data centers hosted by AWS in the EU. We chose Frankfurt, Germany for our data center because it has some of the most stringent privacy and technology standards in the world.
- Infrastructure security: SPARETECH utilizes third-party protection solutions for threat detection and mitigation.
- Separate production environment: We have separate development, staging and production environments.
Infrastructure Security
We safeguard our underlying systems through robust network protections, secure cloud architecture, and continuous monitoring. Our infrastructure is designed to detect and prevent unauthorised access, ensuring uptime and data integrity.
Operational Security
Our operations follow strict security protocols, including access controls, employee training, and incident response planning. We minimize risk through regular audits, threat assessments, and a culture of security awareness.
Product Security
Security is built into every layer of our product. We employ secure development practices, conduct regular code reviews and testing, and implement strong data protection standards.
Compliance
SPARETECH has been attested by independent third-party auditors. If you’d like a copy of the compliance reports, please reach out to your account manager or security@sparetech.io for our Trust Portal.
SOC 2 Type II
The SOC 2 Type II is an audit report performed by an independent third-party certified public accounting (CPA) firm to evaluate a service organization's controls related to the Trust Services Criteria (TSC). The SOC 2 Type II report assesses the effectiveness of these controls over a period of time and is intended to provide assurance to customers and stakeholders that the organization has implemented adequate controls to protect their data.
Reporting security vulnerabilities
You can report security vulnerabilities to security@sparetech.io.