Your trust matters
Introhive’s philosophy about security is simple: earn trust by meeting and exceeding current data security and privacy standards while maintaining constant vigilance over our customers’ data.
Our commitment to data security
Introhive employs the best people, practices, and technology to put customers first. You get peace of mind that our state-of-the-art technology and best practices developed by industry experts are in place to keep your data secure.
- Only collect the data we require and store only what is essential to our operation
- Limit the amount of data we transmit between clients and server
- Encrypt all data in transit
- Encrypt all data at rest
- Never underestimate the human element to data security
Data encryption that keeps you safe
All data is encrypted in transit by TLS 1.2+
All data at rest is protected by AES-256 encryption.
Physical security prevents breaches of trust
Introhive utilizes AWS data centers, which are staffed 24×7 by trained security guards, and access is authorized strictly on a least-privilege basis.
AWS has achieved ISO 27001 certification and has been validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS).
AWS undergoes numerous annual security compliance audits, including SOC 2 Type II and ISO 27001, and has been successfully evaluated at the Moderate level for Federal government systems as well as DIACAP Level 2 for DoD systems.
Further AWS data center controls details.
Annual 3rd party penetration testing
Third-party auditors perform external security and vulnerability testing on Introhive’s application, attempting to defeat the security controls that are in place and to exploit any vulnerabilities that are discovered.
Testing is performed at least annually, with reports available upon request.
Planning for the worst
Introhive maintains both a comprehensive Business Continuity and Disaster Recovery process.
Testing of these processes is performed bi-annually, and a full policy review is conducted annually to ensure they remain current and effective.
Compliance
GDPR
Introhive’s GDPR compliance program is led by our in-house General Counsel and Data Protection Officer. We stay ahead of the curve and can ensure that Introhive and our sub-processors are compliant with all pertinent privacy legislation, including CCPA, in order to mitigate risk for the organizations we support. Introhive is a data processor, and customer data is both owned and controlled by our customers (the Data Controller).
ISO 27001
Introhive is ISO 27001 certified, and the certification is evaluated annually. ISO 27001 certification demonstrates that Introhive’s security controls and processes meet the highest standards of security and are aligned with industry best practices.
SOC 2 Type II
Introhive undergoes an annual SOC 2 Type II audit conducted by an independent CPA audit firm. This assures our customers that we have best-in-class security controls and procedures in place which meet or exceed the AICPA SOC 2 Type II requirements.
Cyber Essentials Plus
Introhive holds a Cyber Essentials Plus certification which is audited annually. Cyber Essentials Plus is a UK Government-backed, industry-supported certification scheme introduced in the UK to help organizations demonstrate operational security against common cyber-attacks. It builds upon the Cyber Essentials certification by incorporating independent verification of technical controls.
Privacy and security
Privacy
Introhive’s privacy policy and practices have been certified under TRUSTe’s EU-US and Swiss-US Privacy Program. These annual assessments and certifications ensure that our privacy practices are compliant with the high standards set by EU-US and Swiss-US Data Privacy Framework (DPF), TRUSTe and the European Union (GDPR). The Introhive Privacy Policy can be viewed at https://www.introhive.com/privacy-policy/.
Testing of these processes is performed annually, and a full policy review is conducted annually to ensure they remain current and effective.
Secure software development
We build and deliver secure software solutions applying internationally recognized security methodologies and best practices throughout the software development lifecycle (SDLC). Our process includes dynamic/static application security testing, security code reviews and 3rd party penetration testing to identify and remedy potential security vulnerabilities in applications, products or enhancements.
Security monitoring
We constantly maintain vigilant security monitoring to prevent, detect and respond to threats, vulnerabilities and security events. Our cloud service environments and applications are monitored by a range of security tools. These provide defense-in-depth, ensuring that security is monitored, actioned and managed at all tiers of the architecture.
Authentication
Single sign-on (SSO) support via SAML 2.0 with numerous identity platforms such as: Okta, OneLogin, Active Directory, Azure AD, Google, ForgeRock.
Awareness and training
All staff and contractors are subject to background checks and confidentiality agreements.
We provide an ongoing program of security awareness training designed to keep all members of staff informed on the latest Introhive security policies, data handling and privacy, latest security risks, and security best practices. This includes regular testing of comprehension to measure the program’s effectiveness.
In-house experts
In addition to our deployment of the best technologies and practices, we also employ experienced top talent in key positions on our security team, holding various credentials including: AWS Certified Security – Specialty, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Manager (CRISC), Certified Information Systems Auditor (CISA), ISO/IEC 27001 Lead Implementer, Certified Information Privacy Professional in European privacy law (CIPP/E).
Global enterprise-proven protection
Introhive is trusted by some of the largest companies on a global scale, including the single largest ERM deployment in the world of more than 100,000 users in over 90 countries.
Introhive is confident in the measures we have taken to ensure security and data protection compliance.