Your Data Security is Our Top Priority

Introhive's security philosophy is simple: meet and exceed current security standards, while maintaining constant vigilance over our customer's data.

Request a Demo

Our Commitment to Data Security


Introhive employs the best people, practices, and technology to put customers first. You get peace of mind that our state of the art technology and best practices developed by industry experts are in place to keep your data secure.

As your data stewards, Introhive commits to:

  • Only collect the data we require and store only what is essential to our operation
  • Limit the amount of data we transmit between clients and server
  • Encrypt all data in transit
  • Encrypt all data at rest
  • Never underestimate the human element to data security

Data Encryption

Data transmitted between application and database servers is secured via 2048-bit SSL certificates. The same protection is afforded to data transferred between our servers and hosted mail providers.

Communication between our application server and our clients (both web and mobile) are also protected by 2048-bit SSL certificates.

All data at rest is protected by AES-256 encryption.

Physical Security

Introhive utilizes AWS data centers which are staffed 24x7 by trained security guards, and access is authorized strictly on a least privileged basis.

AWS has achieved ISO 27001:2013 certification and has been validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS).

AWS undergoes annual SOC 1, SOC 2 Type II and SOC 3  audits and have been successfully evaluated at the Moderate level for Federal government systems as well as DIACAP Level 2 for DoD systems.

Annual 3rd Party Penetration Testing

Third party auditors perform external security/vulnerability testing on Introhive’s application with attempts to exploit security controls that are in place and vulnerabilities (if discovered).

Performed at least annually with reports available upon request.

Disaster Recovery & Business Continuity

Introhive maintains both a comprehensive Business Continuity and Disaster Recovery process.

Testing of these processes is performed bi-annually as well as a full policy review conducted annually to ensure they remain current and effective.

Compliance: Staying Ahead of The Curve


Introhive’s GDPR compliance program is led by our in-house General Counsel and Data Protection Officer. We stay ahead of the curve and can ensure that Introhive and our sub-processors are compliant in order to mitigate risk for the organizations we support. Introhive is a data processor, and customer data is both owned and controlled by our customers (The Data Controller).

SOC 2 Type II

Annual SOC 2 Type II audit conducted by an independent CPA audit firm. Ensures our customers that we have best-in-class security controls and procedures in place which meet or exceed the AICPA SOC 2 Type II requirements.

Privacy & Security


Introhive's privacy policy and practices have been certified under TRUSTe's EU-US and Swiss-US Privacy Program. These annual assessments and certifications ensure that our privacy practices are compliant with the high standards set by EU-US and Swiss-US Privacy Shield, TRUSTe and the European Union (GDPR). The Introhive Privacy Policy can be viewed at

Application Security

Secure Software Development

We build and deliver secure software solutions applying internationally recognized security methodologies and best practices throughout the software development lifecycle (SDLC). Our process includes dynamic/static application security testing, security code reviews and 3rd party penetration testing to identify and remedy potential security vulnerabilities in applications, products or enhancements.


Security Monitoring

We constantly maintain vigilant security monitoring to prevent, detect and respond to threats, vulnerabilities and security events.

Our cloud service environments and applications are monitored by a range of security tools. These provide defense-in-depth, ensuring that security is monitored, actioned and managed at all tiers of the architecture.



Single sign-on (SSO) support via SAML 2.0 with numerous identity platforms such as: Okta, OneLogin, Active Directory, Azure AD, Google, ForgeRock.

People Security

Awareness and Training

All staff and contractors are subject to background checks and confidentiality agreements.

We provide an ongoing program of security awareness training designed to keep all members of staff informed on the latest Introhive security policies, data handling and privacy, latest security risks, and security best practices. This includes regular testing of comprehension to measure the program’s effectiveness.


In-House Experts

In addition to our deployment of the best technologies and practices, we also employ experienced top talent in key positions on our security team, holding various credentials including: AWS Certified Security - Specialty, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Manager (CRISC), Certified Information Systems Auditor (CISA), ISO/IEC 27001 Lead Implementer, Certified Information Privacy Professional in European privacy law (CIPP/E).

Enterprise-Proven Protection

Global Protection

Introhive is trusted by some of the largest companies on a global scale, including the single largest ERM deployment in the world of more than 100,000 users in over 90 countries.


Introhive is confident in the measures we have taken to ensure security and data protection compliance. 

In a global company like ours, we have a lot of technical requirements in terms of what we are and are not allowed to do. The Introhive platform worked really well for us in terms of isolating those items. It provided a real value to us right out of the gate, on day one. As a result, we have had a lot of great adoption.

Chris Brand

Director, Practice - PwC


Trusted by These Leading Brands


Ready to Learn More?

Request a Demo