Security & Data Protection White Paper

WinCan Web & WinCan Enterprise

Introduction

WinCan Web and WinCan Enterprise are cloud-based solutions for managing and analyzing pipeline inspection data. This document provides an overview of our security measures, data protection policies, and compliance standards, ensuring transparency for our customers.

1. Hosting & Infrastructure

  • Cloud Platform: Hosted on Amazon Web Services (AWS), using the security services built into the AWS platform.

  • Data Encryption: All customer data is encrypted in transit using TLS 1.2 or later and at rest using AES-256.

  • Network Security: Firewalls, Intrusion Detection & Prevention Systems (IDPS), and regular security audits ensure a secure infrastructure.

  • High Availability: Redundant network gateways and geographically distributed data centers provide failover capabilities.

  • Authentication & Access Control: Multi-Factor Authentication (MFA), least privilege principles, and IP-based access restrictions.

2. Compliance & Certifications

WinCan follows industry best practices and adheres to relevant compliance frameworks, including:

  • GDPR – Ensuring customer data protection and privacy.

  • ISO 27001 – Security policies and risk management.

  • SOC 2 Type II – Third-party audits to verify security controls.

  • AWS Security Compliance – Physical and logical security measures in AWS data centers.

  • Penetration Testing – Third-party penetration tests are performed on a regular cadence (see section 5).

3. Identity & Access Management (IAM)

  • Role-Based Access Control (RBAC) – Users have specific permissions based on their roles.

  • Single Sign-On (SSO) – Integration with enterprise identity providers like Okta and Microsoft Active Directory.

  • Multi-Factor Authentication (MFA) – Supported for an extra layer of security.

4. Data Protection & Privacy

  • Encryption: All sensitive data is encrypted both in transit and at rest.

  • Data Residency: Customer data is stored in the data centers closest to the customer's location.

  • Access Controls: No third-party vendors have direct access to customer data.

  • Backup & Disaster Recovery:

    • Daily full database backups.

    • Incremental backups every 15 minutes (at most 15 minutes of data can be lost in a recovery).

    • Backups stored in multiple locations for redundancy.

    • Disaster recovery time: full system recovery within 2 hours.

  • AI – AI features use internally developed ML models; customer data is not sent to any external AI service (data stays on our servers for AI processing).

  • Internal team only – We do not use third-party support or SysOps vendors.

5. Security Monitoring & Incident Response

  • Penetration Testing: Regular security audits and third-party penetration tests are conducted at least once per year.

  • Security Incident Response Plan:

    • Immediate notification of affected customers in case of a breach.

    • Investigation and resolution measures according to ISO 27001 standards.

    • Compliance with legal and regulatory reporting obligations.

6. Application & API Security

  • Secure Development Practices:

    • Code reviews and automated security testing before deployment.

    • Web application security aligned with OWASP best practices.

    • Automated API testing.

  • API Security:

    • HTTPS enforced.

    • Token-based authentication.

    • Granular access control for API operations.

  • Release & Update Cycle:

    • Monthly major releases.

    • Additional security patches released as needed.

7. Customer Responsibilities & Best Practices

While WinCan ensures a secure infrastructure, customers should follow these best practices:

  • Use strong authentication mechanisms (SSO, MFA).

  • Regularly review user permissions to enforce least privilege access.

  • Report security incidents promptly to WinCan support.

Conclusion

WinCan Web and WinCan Enterprise prioritize security, privacy, and compliance to ensure customer data remains protected. By leveraging industry-leading technologies and best practices, we provide a secure and reliable solution for managing pipeline inspection data.

23_WinCan_Web_SSO_EN - Service & Support - WinCan Knowledgebase