Keeping our customers, partners and employees safe and secure is our top priority.
We do this by:
- Embracing best of breed cloud technologies, primarily in Microsoft Azure
- Using a range of security centric tools, technology and architecture, from pen testing, code analysis, application firewalls, subnets, VPNs, comms and storage encryption, MFA and more.
- Hiring highly-experienced and skilled people who both understand and respect security
- Vetting all personnel to a minimum of BPSS standard (or international equivalent)
- Keeping our local devices secure using advanced endpoint management technologies
- Ensuring all our team members undertake monthly security training
- Segregating our production and non-production environments and operating all systems using the principle of least privilege
- Having dedicated security personnel and teams
- Undertaking regular internal and external audits and having a company-wide philosophy of continuous improvement
- Adhering to industry best practices and standards, such as ISO27001
- Being transparent about how and where we store data
- Adopting a security-by-design ethos of never storing data we don’t need, or increasing risk exposure without absolutely justifiable cause – thus minimising security threats by simply not having the risk in the first place.
ISO27001 is a globally recognised Information Security Management System (ISMS) standard. IAM Cloud originally obtained ISO certification back in 2016 and are proud to have retained certification for compliance with ISO/IEC 27001:2013 ever since. Our current certificate is available for download here.
For specific information on the security features of our products, please consult our product overviews or speak with a member of our sales teams for further information.
Cloud Drive Mapper
IDx (The Identity Exchange)
Breach Notification Policy
We will always inform our customers and other stakeholders promptly in the event of any confirmed security incident that may impact their service. Any customer that experiences a breach of sensitive or confidential data, such as Personal Identifiable Information, will be notified as soon as possible, and no more than 72 hours after a breach is discovered.