Delair is committed to achieving and maintaining the trust of our customers.
Our strong security program for delair.ai is based on International Security Standards in compliance with the General Data Protection Regulation (“GDPR”).
Everything we do is governed by a strict set of policies, procedures, and controls:
- Data is encrypted in transit and within the platform.
- Security processes are taken into account in our secure software development lifecycle.
- Granular role-based access controls allow you to adjust your team members’ access to data, toolsets, and editing privileges.
- Audit tools provide a detailed record of actions of every user within the Platform and the delair.ai application.
The ISO 27001 Standard Approach
Our robust security program is based on the ISO 27001 Standard.
- Evaluation of threats and vulnerabilities by an independent third party
- IT risk assessment
- Issuance of an “Information Security Policy”
- Establishment of a “Security Event Management Plan”
Infrastructure Security Features
Audit Controls. The Delair Aerial Intelligence platform is audited every year. This audit evaluates the compliance of Delair’s platform architecture security according to the company’s strategies.
Granular roles & permissions. At the platform level, Delair enables granular permissions which allow granting privileges to specific roles and restricting system administrators from accessing user data. Only a small group of platform administrators can access those data.
Data Encryption. Delair.ai is hosted on AWS. All Delair data and personal data of customers are systematically encrypted at the S3 level through KMS (Key Management Service). The advantages of AWS Services:
- SOC2 compliant – warrants the security and availability of the data hosted
- ISO 27001, ISO 27017, ISO 27018, ISO 9001 certified
- FIPS 140-2 certificate – ensures the confidentiality and integrity of encryption keys
Application Security Features
Secure Software Development Life Cycle
Delair has implemented a secure Software Development Life Cycle (S-SDLC):
Delair performs penetration tests every three months in order to identify potential threats and vulnerabilities, thus enabling a full risk assessment to be completed. Mitigation strategies are then established and corrective actions are performed.
A penetration test is an authorized simulated cyber attack that helps evaluate the security of a system by identifying weaknesses or vulnerabilities that could allow unauthorized parties to access the system’s features and data.
Two different tests are performed:
- Black-box testing: A penetration tester plays the role of a hacker. The objective of this test is to try to access the delair.ai database without knowing anything about the architecture structure.
- Gray-box testing: The tester has the access and knowledge levels of a user of the system and even advanced knowledge of the network’s internals, including its design and architecture. The objective is to test the security inside the protected perimeter and simulate an attack with long-term access to the network.
Dependency Track: Delair performs an audit of all third-party components in the source code of delair.ai to ensure the continuity of the application. Delair also ensures third parties respect all legal rights of data usage.
Granular roles & permissions: On an application level, delair.ai user profiles are based on roles with defined permissions to perform specific tasks. There are two notions of “users”, one related to an account (such as a company or organization) and one related to a project. This allows flexibility in managing your assets.