Your trust matters
Introhive’s philosophy about security is simple: earn trust by meeting and exceeding current data security and privacy standards while maintaining constant vigilance over our customers’ data.
Our commitment to data security
Introhive employs the best people, practices, and technology to put customers first. You get peace of mind that our state-of-the-art technology and best practices developed by industry experts are in place to keep your data secure.
- Only collect the data we require and store only what is essential to our operation
- Limit the amount of data we transmit between clients and server
- Encrypt all data in transit
- Encrypt all data at rest
- Never underestimate the human element to data security

Data encryption that keeps you safe
Data transmitted between application and database servers is secured via 2048-bit SSL certificates. The same protection is afforded to data transferred between our servers and hosted mail providers.
Communication between our application server and our clients (both web and mobile) is also protected by 2048-bit SSL certificates.
All data at rest is protected by AES-256 encryption.

Physical security prevents breaches of trust
Introhive utilizes AWS data centers, which are staffed 24×7 by trained security guards, and access is authorized strictly on a least-privilege basis.
AWS has achieved ISO 27001:2013 certification and has been validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS).
AWS undergoes annual SOC 1, SOC 2 Type II and SOC 3 audits and has been successfully evaluated at the Moderate level for Federal government systems as well as DIACAP Level 2 for DoD systems.

Annual 3rd party penetration testing
Third-party auditors perform external security and vulnerability testing on Introhive’s application, attempting to defeat the security controls that are in place and to exploit any vulnerabilities that are discovered.
Testing is performed at least annually, with reports available upon request.

Planning for the worst
Introhive maintains comprehensive Business Continuity and Disaster Recovery processes.
Testing of these processes is performed bi-annually, and a full policy review is conducted annually to ensure they remain current and effective.
Compliance
GDPR
Introhive’s GDPR compliance program is led by our in-house General Counsel and Data Protection Officer. We stay ahead of the curve and can ensure that Introhive and our sub-processors are compliant with all pertinent privacy legislation, including CCPA, in order to mitigate risk for the organizations we support. Introhive is a data processor, and customer data is both owned and controlled by our customers (the data controller).
SOC 2 Type II
An annual SOC 2 Type II audit is conducted by an independent CPA audit firm. It assures our customers that we have best-in-class security controls and procedures in place which meet or exceed the AICPA SOC 2 Type II requirements.
Privacy and security
Privacy
Introhive’s privacy policy and practices have been certified under TRUSTe’s EU-US and Swiss-US Privacy Program. These annual assessments and certifications ensure that our privacy practices are compliant with the high standards set by EU-US and Swiss-US Privacy Shield, TRUSTe and the European Union (GDPR). The Introhive Privacy Policy can be viewed at https://www.introhive.com/privacy-policy/.
Secure software development
We build and deliver secure software solutions applying internationally recognized security methodologies and best practices throughout the software development lifecycle (SDLC). Our process includes dynamic/static application security testing, security code reviews and 3rd party penetration testing to identify and remedy potential security vulnerabilities in applications, products or enhancements.
Security monitoring
We constantly maintain vigilant security monitoring to prevent, detect and respond to threats, vulnerabilities and security events. Our cloud service environments and applications are monitored by a range of security tools. These provide defense-in-depth, ensuring that security is monitored, actioned and managed at all tiers of the architecture.
Authentication
Single sign-on (SSO) is supported via SAML 2.0 with numerous identity platforms, such as Okta, OneLogin, Active Directory, Azure AD, Google and ForgeRock.
Awareness and training
All staff and contractors are subject to background checks and confidentiality agreements.
We provide an ongoing program of security awareness training designed to keep all members of staff informed on the latest Introhive security policies, data handling and privacy, latest security risks, and security best practices. This includes regular testing of comprehension to measure the program’s effectiveness.
In-house experts
In addition to our deployment of the best technologies and practices, we also employ experienced top talent in key positions on our security team, holding various credentials including: AWS Certified Security – Specialty, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Manager (CRISC), Certified Information Systems Auditor (CISA), ISO/IEC 27001 Lead Implementer, Certified Information Privacy Professional in European privacy law (CIPP/E).
Global enterprise-proven protection
Introhive is trusted by some of the largest companies on a global scale, including the single largest ERM deployment in the world of more than 100,000 users in over 90 countries.
Introhive is confident in the measures we have taken to ensure security and data protection compliance.








