Security Statement
Soluciones Inclusivas LLC

Introduction

This Security Statement applies to all products, services, websites, and applications offered by Soluciones Inclusivas LLC (hereinafter, “Soluciones Inclusivas” or “the Company”). We collectively refer to these as the “Services” in this Statement. This Security Statement also forms an integral part of the user agreements entered into with Soluciones Inclusivas customers.

Soluciones Inclusivas values the trust that its customers place in us by entrusting us with the custody of their data. We take our responsibility to protect and safeguard your information very seriously and strive to ensure total transparency regarding our security practices, which are described below. Likewise, our Privacy Policy describes the ways in which we use your data.

Infrastructure Security

Soluciones Inclusivas’ information systems and technical infrastructure are hosted on high-security cloud services. We implement robust security measures, including firewalls, intrusion detection systems, and continuous monitoring.

Key Information

Aspect: Detail
Infrastructure: Hosted on high-security cloud services
Compliance standards: NIST SP 800-53, ISO/IEC 27001, GDPR, CCPA
Access control: Multi-factor authentication, robust password policy
Vulnerability management: Regular scans, penetration testing
Breach notification: Procedures in compliance with applicable legislation
Security contact: [email protected]

WordPress Security

Soluciones Inclusivas acknowledges that our website is developed using WordPress, a platform that has experienced security vulnerabilities in the past and, if not properly configured, can be susceptible to attacks. Aware of these risks, we have implemented comprehensive measures to strengthen the security of our website:

  • Modified access URLs: We have changed the default URLs for accessing the admin area, making it harder for potential attackers to locate entry points.
  • Database protection: We have modified the database name and user and implemented a complex password to protect stored information.
  • XML-RPC deactivation: We have disabled the XML-RPC functionality to prevent potential exploitation of this feature.
  • reCAPTCHA implementation: All our forms include reCAPTCHA to prevent automated attacks.
  • SSL configuration: We have implemented SSL to secure data transmission between our server and visitors’ browsers.
  • Minimization of exposed information: We have deactivated the automatic publication of information that WordPress performs by default, thus reducing the exposure of details that could facilitate the identification of vulnerabilities.
  • Constant monitoring: We stay up-to-date with news about WordPress security vulnerabilities and act quickly to protect our website against new threats.
  • Brute force attack prevention: We avoid using common admin usernames such as “admin” or similar, making unauthorized access attempts more difficult.
  • IP blocking: The IP address of potential attackers is automatically blocked after 5 failed login attempts to the website, limiting the effectiveness of brute force attacks.
  • DDoS protection: Our server has robust DDoS protection, capable of mitigating large-scale denial-of-service attacks.
  • Server masking: We use Cloudflare to route our content, which helps us conceal our server information and provides an additional layer of security and performance.

These security measures not only protect our own website but are also part of the services we offer to our clients. Our “Security Hardening” service includes the implementation of these and other protective measures for websites based on WordPress, Drupal, Joomla, and Moodle, among others, helping our clients keep their platforms secure against evolving cyber threats.

Compliance

Soluciones Inclusivas has implemented governance, risk management, and compliance practices that align with internationally recognized information security frameworks. We strive to comply with cybersecurity standards such as NIST SP 800-53, ISO/IEC 27001, as well as data protection regulations such as GDPR and CCPA.

Access Control

Access to Soluciones Inclusivas’ technological resources is only allowed through secure connections that require multi-factor authentication. Our Password Policy requires passwords to be complex, to have an expiration date, and not to be reused. Soluciones Inclusivas grants access only when necessary according to the principle of least privilege, regularly reviews permissions, and revokes access immediately upon staff separation.

Security Policies

Soluciones Inclusivas reviews and updates its information security policies annually. Staff must read and accept these policies each year and complete additional training relevant to their roles. The training is designed to comply with all specifications and regulations applicable to Soluciones Inclusivas.

Personnel

Soluciones Inclusivas conducts background checks when hiring its staff (to the extent permitted by applicable legislation). Likewise, Soluciones Inclusivas informs all its staff of its information security policies (which must be accepted), requires new staff to sign confidentiality agreements, and provides ongoing training on privacy and security issues.

Vulnerability Management

Soluciones Inclusivas has a vulnerability management program that includes periodic scans, identification, and correction of security vulnerabilities in servers, workstations, network equipment, and applications. We also conduct regular penetration tests to assess the robustness of our security measures.

Secure Coding and Development

Soluciones Inclusivas implements secure coding practices. Our development team uses techniques and best practices that focus on security by design. Development staff receive formal training in secure web application development practices.

Incident Management

Soluciones Inclusivas has a security incident response process that covers initial response, investigation, and customer notification, as well as public communication and error remediation. This process is reviewed and evaluated periodically.

Business Continuity

Soluciones Inclusivas maintains encrypted backups and has a strategy to ensure that downtime and data loss are minimal. Our Business Continuity Plan is tested and updated periodically.

Your Responsibilities

To ensure the security of your data, you need to maintain the security of your account by using complex passwords and storing them securely. Additionally, you must ensure that you have sufficient security measures in place on your own systems.

Logging and Monitoring

Soluciones Inclusivas’ application and infrastructure systems log information in a centrally controlled log repository. Logs are retained in accordance with regulatory requirements and are used for troubleshooting, security reviews, and analysis.

For any questions or concerns about this Security Statement, please contact us at:

Email: [email protected]
Mailing address: 2093 Philadelphia Pike #7582, Claymont, DE 19703, USA

Last update: September 19, 2024