iQCloud Security & Privacy Overview
The security and privacy of our clients’ personal information is very important for us. We use robust security measures, which encompass both technical and organizational security controls, to prevent data loss, information leaks, or other unauthorized data processing operations. iQuate incorporates encryption, incident management, network and system integrity, and availability and resilience requirements into its security program. Learn more about our security policy, methodology and secure infrastructure by reviewing our security statement below.
Key facts about our security policy and server infrastructure
24/7 Proactive Monitoring
All our systems are continuously monitored for security, availability and performance.
Professional Data Centers
We exclusively use leading data center providers with excellent physical security controls.
Separation of customer data with database-level isolation and access permissions.
Communication with our servers is securely encrypted using SSL, HTTPS and TLS.
System & Data Backups
All our systems are regularly backed up for disaster recovery and system outages.
We are bound to the very strict European data protection laws.
iQCloud is 100% based on Amazon AWS with full compliance
All iQCloud accounts are 100% based on our Amazon AWS backed infrastructure, following many industry best practices and using Amazon’s fully compliant and certified systems.
All our systems comply with the strict EU data protection rules guaranteed under Amazon’s Safe Harbor compliance.
Amazon AWS has certified their infrastructure and/or is compliant with many industry standard policies under the AWS Assurance Program such as ISO, PCI DSS, SOC, FIPS and MPPA.
What we’re doing to keep your data and our infrastructure safe and to ensure fast and effective responses to security issues.
The security and safety of customer data, our applications and the supporting infrastructure is our top priority. We achieve a high level of security by following many industry best practices and regularly reviewing and improving our security policies and processes.
Our staff is trained and briefed to ensure that our security policy is executed thoroughly across all disciplines and teams, including customer service, our software development team as well as infrastructure operations. iQuate is SSAE-16 Certified for our controls and practices to ensure we conform to the highest standards.
Our servers are hosted exclusively at professionally maintained and secured facilities from leading data center providers. All facilities feature various physical security mechanisms such as electronic access control systems, 24/7 monitoring of entrances, server rooms and vehicle access roads, as well as modern fire detection and UPS systems.
Our applications and the supporting infrastructure are frequently reviewed for potential security issues. Our documented disclosure policy and our vulnerability management ensure efficient and fast responses to security issues and incidents.
Our data center providers employ additional constant performance and security monitoring of the used infrastructure. We monitor all systems 24/7 for availability and performance related incidents to pro-actively troubleshoot and resolve issues. Many of our servers and network equipment are designed in a redundant way with automatic active failover.
All communications with iQCloud instances or our customer portal are encrypted using industry standard TLS, SSL and HTTPS.
All access to data within iQCloud is governed by access rights and user authentication. Operations and customer service policies follow many industry best practices to limit access to customer data.
Our teams follow many industry best practices to achieve a high level of security in our code and infrastructure. To ensure a high code quality, we employ regular code reviews, track changes rigorously and train team members on common relevant attack vectors. We also maintain our own secure framework as part of our stack to limit third-party dependencies and to manage critical code in a central place.
We isolate customer data for iQCloud instances by using our Tenant Architecture with separate databases and user access for each customer. This and additional mechanisms ensure protection of sensitive customer information on the database level.
Reporting Security Issues
Keeping customer data safe and our infrastructure secure is our top priority. Your input and feedback on our security is highly appreciated. Please send urgent and security related requests directly to email@example.com and please also provide us with a secure way to respond.
Disclosing security issues
If you discovered a security issue that might impact our products or infrastructure, please let us know. We will acknowledge your report, provide a way to track the issue and start investigating the problem immediately. Once the issue has been resolved we’ll post a security update along with credits if applicable.
Please do not publicly disclose any problems without coordinating with us, so we can ensure that all customer accounts and instances have been secured first. We answer all requests within one business day and please ping us on Twitter (@iquate) or call us in case there are communication problems.
Quick contact details
Email us at: firstname.lastname@example.org