IntoneCCM is a cutting-edge enterprise Software-as-a-Service (SaaS) platform that provides Continuous Control Monitoring and comprehensive compliance solutions across industries and use cases. We’re committed to providing you with clear information about our privacy, compliance, and data processing practices. Below, you’ll find details about our certifications, policies, and procedures designed to ensure the security and confidentiality of your data.
Azure: Ensures the security of the cloud, including the global infrastructure.
IntoneCCM: Handles security in the application.
Customers: Manage what is stored in the cloud, such as data, user accounts, and access.
Trust is earned through transparency, which is why we’re dedicated to being upfront about how we handle your data. Our privacy and data processing practices are designed to protect your information while providing you with the services you need.
At IntoneCCM, security and compliance are a collaborative effort between IntoneCCM and our customers. While IntoneCCM safeguards the application infrastructure, customers are responsible for managing end-user security and access controls within their organizations.
To help maintain a secure environment, customers should enforce strong access controls, such as:
Ensuring that user accounts are created only for authorized individuals.
Disabling or revoking credentials immediately when access is no longer needed or if authentication details or other sensitive information have been compromised.
Microsoft Azure is responsible for securing the physical infrastructure that underpins the entire cloud environment, including the data centers, server hardware, networking, and foundational services that support the IntoneCCM platform and host customer data.
Building on the physical and infrastructure safeguards provided by Microsoft Azure, IntoneCCM enforces a comprehensive security framework aligned with the SOC 2 Trust Services Criteria of security, availability, processing integrity, and confidentiality. Our layered controls, documented processes, and continuous real-time monitoring protect customer data while ensuring compliance with industry standards and exceeding customer expectations.
Customers play a vital role in the shared responsibility model by managing and safeguarding their data within the platform. Key areas of customer responsibility include:
User Access Management: Defining and controlling who can access the platform and what permissions they have.
Data Lifecycle Management: Deciding what data to input, how long to retain it, and when to delete or archive it.
Customers establish who has access to their data.
The IntoneCCM platform provides built-in tools and features to help customers effectively manage end-user access and security within their environments, including:
Configurable Password Policies: Enforce complex password requirements for better security.
Password Expiration Controls: Set custom password expiration intervals to align with internal policies.
Session Timeout Settings: Automatically log out inactive users to prevent unauthorized access.
Account Lockout Protections: Automatically challenge user accounts after multiple failed login attempts.
Account Management Tools: Quickly suspend, reactivate, or delete user accounts as needed.
Activity Tracking: Monitor and log user actions to support auditing and compliance requirements.
At IntoneCCM, customer data is treated as highly confidential and handled with the utmost care. We enforce strict policies and technical controls to ensure that customer information is protected at all times.
No External Duplication: Customer data is never copied or stored outside the production environment—including on employee devices.
Minimal Data Collection: Only the essential information required for account setup, system administration, and product access is collected from licensed users—never more than what is needed.
Audits & Certifications: We understand the importance of third-party validation when it comes to security and compliance. We undergo regular independent audits and maintain certifications such as SOC 2, HIPAA, ISO 27001-2013 & ISO 9001-2015, and more. These certifications demonstrate our commitment to meeting the highest standards of security and compliance in the industry.
At IntoneCCM, platform security is built into the foundation of our services. Our security framework is continuously updated to address emerging risks, enhance monitoring, and align with global standards. From encryption to event monitoring and secure development practices, every layer of our platform is designed to safeguard your data.
Encryption in Transit: All data transmitted between users and the platform is protected with TLS 1.3 to ensure secure communication channels.
Secure Email Transmission: All platform-generated emails use TLS encryption when supported by the recipient’s email system.
Secure Password Storage: Passwords are hashed and salted using strong cryptographic algorithms to prevent reverse engineering and ensure data integrity.
Failed Login Attempts: After multiple incorrect attempts, users are prompted to complete an automated verification step to protect against brute-force attacks.
Session Controls: User sessions automatically expire after a set period of inactivity to prevent unauthorized access from unattended devices.
Continuous Monitoring: Systems are monitored 24/7 with automated alerts and real-time response capabilities for potential security or performance issues.
Access to administrative tools follows a least-privilege approach—only authorized team members can request access, with every request logged and approved by management.
Privileged sessions are protected with multi-factor authentication (MFA).
Activity is continuously logged and reviewed to identify and address suspicious behavior.
Security is integrated throughout the software development life cycle (SDLC).
Developers follow secure coding practices and use automated tools to detect vulnerabilities early.
All changes undergo peer review, testing, and quality assurance checks before release.
Segregation of Duties (SOD): Defined roles and responsibilities ensure that no individual has excessive or conflicting access to critical systems or data.
Real-Time Monitoring: Automated tools continuously track system health and performance, ensuring rapid detection of potential threats.
Vulnerability Scanning: Applications and infrastructure are routinely scanned to identify and address risks before they impact customers.