Data Encryption & Protection

All data is encrypted at rest using the 256-bit Advanced Encryption Standard (AES), and all in-transit data is encrypted using Transport Layer Security (TLS). The most sensitive data is further encrypted so that plaintext never exists on FeedStock servers at any point. Furthermore, the client is able to own the encryption keys to their data through the AWS Key Management Service (KMS) offering.

FeedStock production, classification activities and system infrastructure are protected and accessed through a Virtual Private Network (VPN) on AWS, access to which is controlled and monitored by Access Control Lists (ACLs). Granular ACLs are maintained in accordance with a ‘minimum necessary access policy’, whereby employees are only granted access to data that their role requires. The ACLs and user access rights are reviewed and amended on a regular basis to ensure they are current and based on business requirements.

FeedStock ensures the integrity of information by protecting access to the data streams and components. On-premise components are never exposed to external networks and are only accessible through VPN or bastion hosts for maintenance procedures. On-cloud data pipelines are only accessible by authorised AWS IAM users. Activities of the IAM users on AWS are logged and stored permanently on AWS CloudTrail. Records received by the on-cloud data pipeline are uniquely identified and validated. All record processing operations in the data pipeline are idempotent.