Intelligent Locations’ INTRAX platform is built from ground up with security in mind. We follow and implement the best practices and standards recommendations in every layer of the cloud architecture and development process. We follow the ISO 27001 standard and applicable set of SOC2 Type 2 security controls (report available on demand).
For our web application, we use OWASP top10 standard recommendations, while maintaining HIPAA and SOC 2 certifications, Intelligent Locations already enforces a robust security posture, continuously improved by our internal Security Governance Process. We use Security Scorecard and Coalition Inc as external Cyber Security monitoring tools which helps us and our customers continuously monitor the current state of Security Posture.
The security approach employed by Intelligent Locations, defense-in-depth strategy, aims to combine multiple security controls applied at each platform layer. The following are examples of such measures:
1. Network Security – continuously monitoring traffic and completely isolating internal resources and development tools inside the cloud, minimizing attack surface.
2. Application Security – enforce authenticated access to all internal and customer facing applications. Follow examples of access and security measures in place:
3. Users – Internal Users (Intelligent Locations employees) are subject to:
Intelligent Locations is annually audited, which helps the company understand what it is doing right and what can be improved. Improvements are made regularly and plans are in place for risk events.
For exceptional events that might be unforeseen or out of Intelligent Locations’ control (Natural disasters, cyber-attacks etc.), the company maintains a Disaster Recovery Plan in order to restore the system and minimize the potential downtime for customers. Intelligent Locations’ team tests the Disaster Recovery Plan at least twice annually. Cloud services are set up such that end users face as little disruption and data loss possible, and Intelligent Locations is constantly working on improving to cover as many scenarios as possible.
In the event of a data breach, or failure in any of our policies, the Incident Response Plan is enacted.