SECURITY & COMPLIANCE
Iptor takes security very seriously. We understand that security extends beyond a secure application—it involves monitoring, improving, and remaining vigilant against risks both internal and external. Iptor follows best practices and industry standards to achieve compliance with industry-accepted general security and privacy frameworks, which in turn helps our customers meet their own compliance obligations. Here are just some of the measures we take to prevent data leaks and unauthorized data access:
Iptor is ISO 27001:2013 certified.
Iptor partners Kyndryl and IBM are both ISO 27001:2013 certified.
The IBM Cloud compliance program can be found here: https://www.ibm.com/cloud/compliance/global
Iptor partners Kyndryl and IBM hold both ISO 27017 and ISO 27018 certificates.
Iptor partner IBM performs SOC 3 audits regularly.
The SOC 3 report can be downloaded here: https://www.ibm.com/cloud/compliance/global
SOC 1 and SOC 2 reports are based on services from IBM; some are applicable to Iptor SaaS.
Iptor performs an ISAE 3402 external audit on the IaaS and PaaS cloud.
The Kyndryl data center performs an external audit according to ISAE 3402 on specific parts of the service.
Iptor IaaS and PaaS services are located in the Kyndryl data center in Europe.
Iptor SaaS services are located in IBM Cloud. There are data centers in Europe, the USA and APAC. Iptor can determine and monitor the region in which each customer's data resides.
- On-Site security
Iptor partners Kyndryl and IBM have data centers that are on the cutting edge of data center security. All facilities are monitored and have 24/7 surveillance, and every door has a key card lock so that only authorized personnel have access.
- Data center operational security
Iptor partners Kyndryl and IBM equip their data centers with uninterruptible power supplies (UPS), fire extinguishing equipment and flood protection. Everything is externally audited and tested on a regular basis.
Iptor performs regular reviews of all third-party vendors with access to any of Iptor's subcontracted data centers. The result is used in the Iptor risk treatment process to mitigate or avoid risks.
The Iptor network is separated to prevent any potential cyber attack from spreading across different services.
The data center network is monitored by a dedicated network team, 24/7. Network intelligence technology is installed and configured to monitor and/or block malicious network traffic and attacks.
Iptor has implemented Cloudflare protection on iptor.com for higher security.
Vulnerability scanning and penetration test
The yearly security plan for Iptor includes regular vulnerability scans and penetration tests. Iptor partners IBM and Kyndryl have similar plans and perform regular vulnerability scans and penetration tests.
Iptor has implemented DDoS protection from Cloudflare on the iptor.com domain.
Iptor has implemented MFA for all employees with access to the Iptor network. Our policy is based on least-privilege access.
For management of the IaaS and PaaS infrastructure, our partner Kyndryl has implemented a PAM system that gives visibility of who accesses what and at what time.
For access to iptor.com cloud services, the same least-privilege access policy is used.
Security incident response
Iptor has a Security Incident Response Plan (SIRP). It has been developed together with IBM X-Force, who have solid experience with various response plans and how to make them suitable for different businesses.
The SIRP includes everyone within Iptor and describes how Iptor will react to a security incident. It describes urgent situations, in which an ongoing attack needs the highest possible attention, as well as less urgent security incidents that might not need everyone's attention but still pose a significant threat to Iptor's business.
The Iptor SIRP is tested regularly and evaluated within the ISO 27001 yearly wheel of improvement.
The Iptor IaaS and PaaS services, delivered together with Iptor partner Kyndryl, have a 24×7 SOC available in case of a security incident.
Iptor has an agreement with IBM X-Force, an IBM company specialized in cyber security with proactive security services and the ability to resolve advanced security incidents.
IBM X-Force services are used in the Iptor SaaS service based in IBM Cloud to protect the application iptor.com.
All Iptor services have the option of full redundancy. The common infrastructure of the Iptor services is designed with full redundancy.
Depending on the service, different options for the distance between redundant data centers are available.
Iptor services can be designed with high availability for the end customer. Depending on the service, different solutions are available.
If desired, different data centers can be chosen for the high availability solution.
Iptor has a comprehensive set of security policies. Policies are audited externally at regular intervals. All policies are made available to all Iptor employees.
Iptor awareness training includes all employees and is continuous work. The Iptor security team provides additional security awareness updates via Iptor internal information channels.