Data Protection and Secure Access Management
Uncompromising security is deeply embedded in each solution we engineer. Guaranteeing meticulously managed internal and external security processes from banking level experience.
Within Sentry Interactive we have a set of robust policies and standards which ensures we align ourselves to the working practices of ISO27001. All staff are required to comply with the policies that are in place. All products and services that we use, develop, or deploy are put through a standard risk-based approach review.
Our platform and operational security that is held within AWS is certified under ISO/IEC 27001:2013, the international best practice standard for Information Security Management Controls which is independently audited. Additionally, we also comply with best practices and regulations in relation to the management of personal data under the UK Data Protection Act 2018 (DPA) and the European Union General Data Protection Regulation (The GDPR).
Amazon Web Services
Having our IT infrastructure with AWS provides security that is designed and managed in alignment with best security practices and a variety of IT security standards. The following is a partial list of assurance programs with which AWS complies:
- SOC 1/ISAE 3402, SOC 2, SOC 3
- FISMA, DIACAP, and FedRAMP
- PCI DSS Level 1
- ISO 9001, ISO 27001, ISO 27017, ISO 27018
Security Standards and Compliance Certifications
Physical Security (AWS)
Having our service operate on Amazon Web Services (AWS) ensures that we can work in a manner which is certified under a number of global compliance programmes which underlines best practices in terms of data centre security.
- ISO 27001 Information Security Management Controls
- PCI-DSS Level 1 Payment Card Standards
- ISO 27018 Personal Data Protection
- SSAE16/SOC 1, SOC2 and SOC 3
- FIPS United States Government Security Standards
For the full list of AWS compliance programs see:
More information about AWS data centre controls may be found here:
We have dedicated automated systems in place to protect against Distributed Denial of Service (DDoS) attacks as well as man-in-the-middle attacks. We use reputable registrars to protect against domain hijacking and “phishing” attacks.
All internet traffic is encrypted at a transport level and confidential information is encrypted at rest. We use best practices in terms of encryption key storage and security.
Strong Access Control Security
Our platform provides a role based, hierarchical security model with two-step authentication and multi-factor authentication for sensitive systems. All access is logged and audited for suspicious / anomalous behavior.
We’re expanding our security system integrations with existing access control systems at an unprecedented pace — chances are we’re already compatible with your current setup.