Intranet Security & Compliance Delivering the highest standards of compliance and security in the industry.

Igloo is hosted in the industry-leading Microsoft Azure cloud and offers the highest standards of compliance and security at all levels. From guaranteed uptime to regular third-party vulnerability testing to giving you full control of your data — we’ve got you covered.
Hosting
Private Azure Cloud
We will host and run your intranet on a private Microsoft Azure cloud hosting infrastructure – the industry leader with 90+ compliance offerings. The facilities are SSAE 16 (SOC 1, SOC 2 Type II) and ISO 27001 compliant.
Hosting options
We offer a multi-tenant or single-tenant solution to meet your needs. And we can host your data in either Canada or the U.S. with a guaranteed uptime of 99.9%.
Disaster recovery
We provide all customers with a disaster recovery plan so that your critical data stays safe in the event a disaster strikes.
Data backups
We provide complete data backups across redundant primary and secondary site servers with additional service options to meet your requirements.
Platform Security
Architecture
The Igloo platform was designed for the cloud and leverages Microsoft stack, including the highly secure .net framework.
Data encryption
At rest, data is encrypted with (minimum) AES-256 (FIPS 140-2 compliance). In transit, all connections to Igloo are secured via SSL/TLS (Qualys SSL Labs gives us an A+).
Mobile application
The Igloo mobile application offers two options for methods of authentication: Igloo Authentication (including LDAP authentication happening behind the scenes) using login and password; and SAML authentication.
Third-party testing
Igloo’s platform, processes, and networks regularly undergo third-party audits including vulnerability scans, intrusion detection monitoring, and penetration tests.
Perimeter defense
We apply an additional array of strategies to secure the environment and data, including:
- Firewall (Network Security Group)
- Anti-Virus/Malware
- DDoS avoidance/prevention
- DNS private resolution
Privacy
GDPR
We’re committed to helping our customers comply with the General Data Protection Regulation (GDPR), a 2018 law that provides privacy protections for individuals in the European Union (EU).
HIPAA
For healthcare customers, Igloo’s secure cloud solution, offices, and staff adhere to HIPAA security standards, and we implement a Business Associate Agreement (BAA) with those customers for the provision services in respect of protected health information (PHI).
CCPA
As a service provider under The California Consumer Privacy Act of 2018 (CCPA), Igloo facilitates customers who hold personal information of California consumers being able to fulfill their CCPA obligations in respect of that data.
Canada
Igloo’s platform enables customers who are subject to Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian laws to comply with their privacy obligations under those laws.
Authentication & Member Management
Identity and access management
Native sign-in and single sign-on (SSO) with SAML means no additional login is required. And we never store passwords in a readable format.
Easy administration, with full control
IT, or whomever you assign ownership for your site, will retain overall control of the content, applications, and structure.
Built-in platform authentication
Igloo requires a specific username and password combination. You can manage users by adding members, performing bulk user imports, or sending invitations, which include CAPTCHA.
Third-party authentication
Igloo supports LDAP, Active Directory and identity service providers (IdP) like OKTA and OneLogin. It’s another way we make things simple — and secure.
Corporate Governance
Governance and Security Committees
We follow industry best practices for corporate governance, with an aim to meet or exceed regulatory requirements. Our multi-disciplinary teams regularly create, review, and update our internal security policies and procedures.
Employee background checks and NDAs
In addition to requiring employees to sign NDAs, we perform rigorous background checks of IT and development staff with access to production systems in our data center.
Security-focused development
At Igloo, we ensure that every new feature is a secure feature. Our Software Development Lifecycle (SDLC) incorporates Microsoft SDL and OWASP recommendations to ensure an ever-improving software development process that prioritizes security.
Incident response
Igloo’s incident response plan includes protocols for assessing the impact of a potential breach, steps for data backup and recovery, and notification to customers who may have been impacted.
Technical expertise to plan and deploy your digital workplace
We work with you to meet your specific technical requirements and configure your digital workplace environment with security always top of mind.

Ready to talk to an expert?
Talk to one of our product experts to get a demo of the Igloo platform and discuss the needs of your organization or teams digital transformation.
Schedule a call with a product expert