Data Security
Last updated June 12, 2024
We recognize that security is critical to you and your success. This is a responsibility we take seriously.
While we cannot reveal every measure we have in place (as this could be used against us by the very actors we protect ourselves against), we can give you a high-level overview of how we actively keep you and your data safe.
Certifications
SOC 2 Type 2
IGEN is SOC 2 Type 2 certified under all 5 Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. This investment in our information security program further ensures that client data is protected and our systems are secure.
Risk Mitigation and Compliance Tools
Compliance Tracking Tool
We use this compliance platform to maintain our entire information security program. It provides us with continuous visibility of our controls, monitors our compliance, and even provides us with automated evidence-collection capabilities.
Endpoint Detection and Response Technology
Monitors, detects, and remediates malicious attempts using machine learning and behavioral analysis.
Vulnerability Management and Web Application Scanning
Provides insight into the security of our applications and any potential vulnerabilities and recommendations for resolution.
Email Protection Gateway
This tool scans incoming and outgoing emails for malware and phishing attacks to protect our systems and contacts from malicious messages.
Risk Mitigation Practices
- Elevated internal user credentials are used to protect access to servers and data. We also require complex passwords and unique named user accounts for ourselves and our clients.
- Data is encrypted in transit and at rest.
- Operating system and software updates are performed in a timely manner to ensure security and stability of hosted server environments.
- Hosted client environments and databases are segregated from one another to maintain confidentiality. This includes other entities owned by our corporate parent.
- Business continuity and disaster recovery plans are in place to protect against disruptive events.
- All employees are required to complete annual comprehensive information security awareness training.