Audit Log Control, Log Retention (Logon Retention, Change Log Retention)

1. Q: Please indicate how audit log files are protected from unauthorized alteration

   A: The logs files are require permission to access and only ready by request. 

   
   

2. Q: Does the application support capture of user access activity such as successful logon and logoff?

   A: Yes, it’s available in the logs and database. It is available on demand.

   
   

3. Q: Can the application continue normal operation even when security audit capability is non-functional? (For example, if the audit log reaches capacity, the application should continue to operate and should either suspend logging, start a new log or begin overwriting the existing log)

   A: Yes

Platform Security Measures

To protect your data and ensure system integrity, iSlash enforces a multi-layered security framework that includes the following measures:

1. Server Hardening
   All application servers are secured through industry-standard hardening practices to minimize vulnerabilities.

2. Port Restrictions
   Only essential ports are open to reduce the risk of unauthorized access and network attacks.

3. Brute Force Attack Prevention
   Protective mechanisms are in place to detect and block repeated unauthorized login attempts.

4. Two-Factor Authentication (2FA) for User Login

   • Step 1: Secure login with email and password

   • Step 2: Verification via a One-Time Passcode (OTP) sent to the user's email

5. 256-bit SSL Encryption Certificates
   All data transmitted between clients and servers is protected by industry-standard 256-bit SSL encryption, ensuring secure communication.

These proactive security controls help ensure your data remains safe, confidential, and accessible only to authorized users.

Reliable Data Backup & Retention 

(Backup Policy, Recovery Point of Objective, Recovery Point of Time)

To ensure data durability and business continuity, iSlash performs full system backups every 48 hours and retains backup data for up to 180 days.

Additionally, daily backups are stored across multiple cloud regions, providing resilience against localized outages and ensuring high availability and disaster recovery capabilities.

Penetration Testing

Security penetration testing is available upon request to meet the needs of enterprise clients and auditors seeking additional assurance.

Is My Personal Information Secure?

We take your privacy and data security seriously. Here's how iSlash protects your personal information:

• Password-Protected Accounts
  Your account is secured with a password to safeguard your privacy and data.

• Optional Two-Factor Verification
  For added protection, you can enable One-Time 2-Factor Verification (2FA)—requiring both your password and a code sent to your registered email.

• Transport Layer Security (TLS)
  When you submit data on our platform, the transmission is encrypted using TLS (Transport Layer Security) to protect your information in transit.

Your Role in Keeping Data Secure

While we implement strong safeguards, security is a shared responsibility:

• Choose a strong, unique password and do not share it.

• Log out of your account after use, especially on shared or public devices.

• Keep your device and browser updated to reduce vulnerabilities.

We make every effort to protect the personal information stored in our systems. However, no transmission over the Internet is 100% secure, and unforeseen risks such as unauthorized access, software/hardware failure, or other issues may compromise data security.