FAQ about Security; Data and system incidents
1- How to manage Data and System Incidents
Does Web1on1 have a System Incident Management process in place?
Yes, we do! We run automated tests 24/7 that report back to us when a test fails. Incidents are reported both on https://status.web1on1.chat and in the App. Most importantly, our team is alerted, so they will mitigate any issue immediately while updating you via our status page.
Do you have a DR plan? How quickly could you restore from a data backup if you suffered a major loss and what is the maximum amount of data that might be lost?
We do have a DR plan. Each part of the system can be restored in 24 to 48 hours (assuming a complete disaster). Moreover, each instance in the infrastructure runs as multiple copies, so losing a single instance will not degrade the service. The stated time refers to a disaster on the scale of a flood.
Does Web1on1 have a Data incident management process in place?
Yes, we have it in place. In case of any such incident, we are ready to react immediately to protect your data from unjustified disclosure or any other infringement.
Have you had any information security breaches in the last 12 months?
No, we haven’t had any. You can follow https://status.web1on1.chat, where we report any security issues and incidents.
What are your processes for identifying and remediating vulnerabilities in your application and the underlying software and infrastructure?
a) Running an external audit, fixing all vulnerabilities found, testing each implemented fix, and repeating this procedure until the issue is fixed;
b) Periodically scanning our systems with tools that detect issues automatically.
What process should we follow if we suspect that a security breach has occurred?
Contact support via privacy@web1on1.chat.
2- Attack on the website
Is it possible to attack our website via the Web Widget (e.g., denial of service, buffer overflow due to manipulated data in connection with remote code execution)?
The chat widget runs in an iframe. This is a separate browser session ("sandboxed environment") completely disconnected and separated from the main customer page. Security between the iframe and main document is enforced by the browser.
More questions about security?
Contact support via privacy@web1on1.chat