Introhive employs the best people, practices, and technology to put customers first. You get peace of mind that our state-of-the-art technology and best practices developed by industry experts are in place to keep your data secure.
As your data stewards, Introhive commits to:
Data transmitted between application and database servers is secured via 2048-bit SSL certificates. The same protection is afforded to data transferred between our servers and hosted mail providers.
Communication between our application server and our clients (both web and mobile) is also protected by 2048-bit SSL certificates.
All data at rest is protected by AES-256 encryption.
Introhive utilizes AWS data centers, which are staffed 24x7 by trained security guards, and access is authorized strictly on a least-privilege basis.
AWS has achieved ISO 27001:2013 certification and has been validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS).
AWS undergoes annual SOC 1, SOC 2 Type II and SOC 3 audits and has been successfully evaluated at the Moderate level for Federal government systems as well as DIACAP Level 2 for DoD systems.
Third-party auditors perform external security and vulnerability testing on Introhive’s application, attempting to exploit the security controls that are in place and any vulnerabilities that are discovered.
This testing is performed at least annually, with reports available upon request.
Introhive maintains comprehensive Business Continuity and Disaster Recovery processes.
Testing of these processes is performed bi-annually, and a full policy review is conducted annually to ensure they remain current and effective.
Introhive’s GDPR compliance program is led by our in-house General Counsel and Data Protection Officer. We stay ahead of the curve and can ensure that Introhive and our sub-processors are compliant in order to mitigate risk for the organizations we support. Introhive is a data processor, and customer data is both owned and controlled by our customers (the Data Controller).
An annual SOC 2 Type II audit is conducted by an independent CPA audit firm. This assures our customers that we have best-in-class security controls and procedures in place which meet or exceed the AICPA SOC 2 Type II requirements.
Secure Software Development
We build and deliver secure software solutions applying internationally recognized security methodologies and best practices throughout the software development lifecycle (SDLC). Our process includes dynamic/static application security testing, security code reviews and 3rd party penetration testing to identify and remedy potential security vulnerabilities in applications, products or enhancements.
We constantly maintain vigilant security monitoring to prevent, detect and respond to threats, vulnerabilities and security events.
Our cloud service environments and applications are monitored by a range of security tools. These provide defense-in-depth, ensuring that security is monitored, actioned and managed at all tiers of the architecture.
Single sign-on (SSO) support via SAML 2.0 with numerous identity platforms such as: Okta, OneLogin, Active Directory, Azure AD, Google, ForgeRock.
Awareness and Training
All staff and contractors are subject to background checks and confidentiality agreements.
We provide an ongoing program of security awareness training designed to keep all members of staff informed on the latest Introhive security policies, data handling and privacy, latest security risks, and security best practices. This includes regular testing of comprehension to measure the program’s effectiveness.
In addition to our deployment of the best technologies and practices, we also employ experienced top talent in key positions on our security team, holding various credentials including: AWS Certified Security - Specialty, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), ISO/IEC 27001 Lead Implementer, Certified Information Privacy Professional in European privacy law (CIPP/E).
Introhive is trusted by some of the largest companies on a global scale, including the single largest ERM deployment in the world of more than 100,000 users in over 90 countries.
Introhive is confident in the measures we have taken to ensure security and data protection compliance.
In a global company like ours, we have a lot of technical requirements in terms of what we are and are not allowed to do. The Introhive platform worked really well for us in terms of isolating those items. It provided a real value to us right out of the gate, on day one. As a result, we have had a lot of great adoption.