GLIMPSE SECURITY STATEMENT
The security and privacy of customer data is one of Glimpse’s highest priorities. As such, to ensure the physical and digital security of all customer materials, Glimpse has implemented certain policies and practices which are listed below. If you have further questions or concerns, please don’t hesitate to contact us at info@glimp.se.
DIGITAL SECURITY - GLIMPSE PORTAL SOFTWARE AND CLOUD INFRASTRUCTURE
ENCRYPTION
The Glimpse solution is encrypted end-to-end. This means that all hardware, uploads, data storage, and internal databases are fully encrypted. Data is encrypted at rest and in-transit; until it reaches the user’s browser.
CLOUD SECURITY
Glimpse employs encrypted storage for all data. Glimpse’s cloud services are configured with private networking and are only accessible through secured and encrypted connections. Glimpse internal roles and policies are configured with minimal access, and development accounts require a multi-factor authentication flow.
APPLICATION SECURITY
The Glimpse Portal is by default secured using HTTPS with a secure socket layer (SSL). Glimpse uses an industry standard user authentication service and Glimpse does not have access to any user login credentials to the Portal.
APPLICATION DEVELOPMENT
The Portal’s code base is secured with industry standard tools, and all developers are required to digitally sign each change to the code base. Proposed changes must undergo a peer-review request change and pass a standard set of tests before and after review. All deployments require role-based authentication and are tested on multiple environments before release.
PATCH MANAGEMENT
Glimpse monitors and updates all library dependencies with industry standard tools. All updates are automatically added to Glimpse’s review process and tested for breaking changes. Glimpse conducts monthly audits of its packages and dependencies for potential issues.
LOGGING AND CONTINUOUS MONITORING
Glimpse maintains access logs into the Glimpse Portal and all Glimpse tools and infrastructure. Unusual activity automatically triggers alarms and alerts to the Glimpse engineering team.
CORE SUBPROCESSORS’ TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES
DIGITAL SECURITY - EMPLOYEES AND THEIR ACCESS
NETWORK AND DEVICE SECURITY
All employee laptops have full-disk encryption and require user login.
ACCESS CONTROL
All software services used by Glimpse employees require multi-factor authentication.
TRAINING AND AWARENESS
All employees go through a security briefing. The Glimpse team holds monthly meetings to discuss potential threats and define best practices to prevent attacks and implement updated guidelines.
To further safeguard customer confidentiality, Glimpse employees use unique customer IDs in place of company names outside of limited, restricted-access, internal environments.
PHYSICAL SECURITY
CELL STORAGE
All customer cells are securely stored in a double-locked cabinet and are only taken out for scanning or repackaging for return shipments to the customer. The keys to the cabinet's locks are kept in a safe which is accessible only to select Glimpse personnel. Inside the cabinet, cells are organized by customer, each labeled with a unique customer ID to eliminate any chance of mix-up.
Customer cells are never left unattended outside the cell storage cabinet. The movement of cells within the cabinet is restricted to authorized Glimpse personnel.
CELL HANDLING AND TRAINING
All employees responsible for cell scanning receive comprehensive training, which includes the safe and proper handling of customer cells. In the rare event of a cell being dropped on the floor, the Glimpse Operations team will promptly contact the customer.
CELL SHIPMENT
All members of the Glimpse Operations team handling return shipments of customer cells have undergone mandatory DOT training for mailing Li-metal and Li-ion batteries. For return shipments, Glimpse prioritizes the reuse of the customer's original packaging materials whenever feasible.
FACILITY SECURITY
Glimpse's facilities are located in a building equipped with security cameras and accessible only via key fob. Visitors are obligated to sign in with the receptionist at the front desk and are always accompanied while inside the building.