Interfolio Information Security and Data Privacy

At Interfolio by Elsevier, we understand the importance of safeguarding the information our users entrust to us. This article provides an overview of our commitment to these principles by highlighting the key certifications and policy documents that guide our practices, ensuring that we maintain high standards in protecting personal data.

 

Data Privacy Certifications, Statements, and Other Resources

  • ISO/IEC 27001:2022 - Information Security Management System (ISMS)
    Reflects our dedication to safeguarding information assets and ensuring the privacy of our stakeholders.
  • ISO/IEC 27701:2019 - Data Privacy Certification
    Underscores our commitment to effectively managing personal data and complying with privacy regulations.
  • ISO 22301:2019 - Business Continuity Statement
    Outlines our strategies to ensure operational resilience and continuity in the face of disruptions.
  • Elsevier Security Statement
    Details the measures we take to protect our information and systems against security threats.
  • RELX Quality First Principles
    Outlines our commitment to maintaining high-quality standards in all aspects of our operations.
  • Elsevier Privacy Policy
    Provides transparency about how we collect, use, and protect personal information.
  • Elsevier Data Processing Terms
    Forms part of the agreement (“Agreement”) between the Elsevier entity (“Elsevier”) and subscriber, customer or other partner and any applicable affiliate (“Subscriber”) under which Elsevier provides certain services and in which this DPA is referenced.

Check out this article on how to Request Data Deletion for GDPR compliance, including how to contact Interfolio's Scholar Services team to submit a Right to Erasure request.

 

Security Infrastructure and Practices

Encryption

Elsevier uses:

  • TLS 1.2 or higher to protect data in motion.
  • AES 256 to protect data at rest.

Patching and Vulnerability Management

  • Continuous vulnerability monitoring using tools like Tandem and Qualys
  • Risk-based remediation guided by CVSS scores and asset criticality
  • SLA-based resolution timelines prioritize externally-facing and high-risk assets

Backup and Storage

  • Hourly backups of databases and file storage.
  • Backups are stored in separate accounts and regions (AWS) for redundancy and disaster protection.

Disaster Recovery

  • Recovery Point Objective (RPO): Within 1 hour
  • Recovery Time Objective (RTO): Within 4 hours
  • Outage notifications are governed by Elsevier’s Master Service Agreement

Monitoring and Alerts

  • Tanium & Qualys: Vulnerability scanning
  • Datadog/New Relic: System uptime and availability
  • Cloudflare: Network-level traffic monitoring and threat prevention
  • CrowdStrike: On endpoints for malware detection
  • RelyQuest: 24/7 SOC for real-time threat monitoring and log correlation
  • RCM: Centralized log management

Regional Data Isolation

  • Interfolio services are globally available in Canada, EU, and Asia
  • Each region is fully isolated and data does not move between regions