IAM Cloud


Security & Trust

Security Statement

Keeping our customers, partners and employees safe and secure is our top priority.

We do this by:

  • Embracing best of breed cloud technologies, primarily in Microsoft Azure
  • Using a range of security centric tools, technology and architecture, from pen testing, code analysis, application firewalls, subnets, VPNs, comms and storage encryption, MFA and more.
  • Hiring highly-experienced and skilled people who both understand and respect security
  • Vetting all personnel to a minimum of BPSS standard (or international equivalent)
  • Keeping our local devices secure using advanced endpoint management technologies
  • Ensuring all our team members undertake monthly security training
  • Segregating our production and non-production environments and operating all systems using the principle of least privilege
  • Having dedicated security personnel and teams
  • Undertaking regular internal and external audits and having a company-wide philosophy of continuous improvement
  • Adhering to industry best practices and standards, such as ISO27001
  • Being transparent about how and where we store data
  • Adopting a security-by-design ethos of never storing data we don’t need, or increasing risk exposure without absolutely justifiable cause – thus minimising security threats by simply not having the risk in the first place.


ISO27001 is a globally recognised Information Security Management System (ISMS) standard. IAM Cloud originally obtained ISO certification back in 2016 and are proud to have retained certification for compliance with ISO/IEC 27001:2013 ever since. Our current certificate is available for download here.

Product security

For specific information on the security features of our products, please consult our product overviews or speak with a member of our sales teams for further information.

Product Overviews
Cloud Drive Mapper
Simple Sign-On
IDx (The Identity Exchange)

Breach Notification Policy

We will always inform our customers and other stakeholders promptly in the event of any confirmed security incident that may impact their service. Any customer that experiences a breach of sensitive or confidential data, such as Personal Identifiable Information, will be notified as soon as possible, and no more than 72 hours after a breach is discovered.