Intranet Security & Compliance Delivering the highest standards of compliance and security in the industry.

Private Azure Cloud

We will host and run your intranet on a private Microsoft Azure cloud hosting infrastructure – the industry leader with 90+ compliance offerings. The facilities are SSAE 16 (SOC 1, SOC 2 Type II) and ISO 27001 compliant.

Hosting options

We offer a multi-tenant or single-tenant solution to meet your needs. And we can host your data in either Canada or the U.S. with a guaranteed uptime of 99.9%.

Disaster recovery

We provide all customers with a disaster recovery plan so that your critical data stays safe in the event a disaster strikes.

Data backups

We provide complete data backups across redundant primary and secondary site servers with additional service options to meet your requirements.

Architecture

The Igloo platform was designed for the cloud and leverages Microsoft stack, including the highly secure .net framework.

Data encryption

At rest, data is encrypted with (minimum) AES-256 (FIPS 140-2 compliance). In transit, all connections to Igloo are secured via SSL/TLS (Qualys SSL Labs gives us an A+).

Mobile application

The Igloo mobile application offers two options for methods of authentication: Igloo Authentication (including LDAP authentication happening behind the scenes) using login and password; and SAML authentication.

Third-party testing

Igloo’s platform, processes, and networks regularly undergo third-party audits including vulnerability scans, intrusion detection monitoring, and penetration tests.

Perimeter defense

We apply an additional array of strategies to secure the environment and data, including:

• Firewall (Network Security Group)
• Anti-Virus/Malware
• DDoS avoidance/prevention
• DNS private resolution

GDPR

We’re committed to helping our customers comply with the General Data Protection Regulation (GDPR), a 2018 law that provides privacy protections for individuals in the European Union (EU).

HIPAA

For healthcare customers, Igloo’s secure cloud solution, offices, and staff adhere to HIPAA security standards, and we implement a Business Associate Agreement (BAA) with those customers for the provision services in respect of protected health information (PHI).

CCPA

As a service provider under The California Consumer Privacy Act of 2018 (CCPA), Igloo facilitates customers who hold personal information of California consumers being able to fulfill their CCPA obligations in respect of that data.

Canada

Igloo’s platform enables customers who are subject to Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian laws to comply with their privacy obligations under those laws.

Identity and access management

Native sign-in and single sign-on (SSO) with SAML means no additional login is required. And we never store passwords in a readable format.

Easy administration, with full control

IT, or whomever you assign ownership for your site, will retain overall control of the content, applications, and structure.

Built-in platform authentication

Igloo requires a specific username and password combination. You can manage users by adding members, performing bulk user imports, or sending invitations, which include CAPTCHA.

Third-party authentication

Igloo supports LDAP, Active Directory and identity service providers (IdP) like OKTA and OneLogin. It’s another way we make things simple — and secure.

Governance and Security Committees

We follow industry best practices for corporate governance, with an aim to meet or exceed regulatory requirements. Our multi-disciplinary teams regularly create, review, and update our internal security policies and procedures.

Employee background checks and NDAs

In addition to requiring employees to sign NDAs, we perform rigorous background checks of IT and development staff with access to production systems in our data center.

Security-focused development

At Igloo, we ensure that every new feature is a secure feature. Our Software Development Lifecycle (SDLC) incorporates Microsoft SDL and OWASP recommendations to ensure an ever-improving software development process that prioritizes security.

Incident response

Igloo’s incident response plan includes protocols for assessing the impact of a potential breach, steps for data backup and recovery, and notification to customers who may have been impacted.