Data Security Policy
Intulse & Data Security
OUR COMMITMENT TO SECURITY, AVAILABILITY AND PRIVACY
Thousands of users depend on Intulse every day to keep their information safe while driving mission-critical business processes. That’s why we take security, privacy and availability very seriously. Intulse combines best-of-breed technology, a highly trained and experienced staff, adherence to strict industry standards and the flexibility to meet diverse client requirements.
Security
Intulse leverages multiple layers of defense to protect key information and handle all critical facets of network and application security, including authentication, authorization and assurance.
Intulse maintains a highly mature security program, based on industry best practices. While this page provides a high level overview, more detailed information is available to large prospects under NDA.
Security Architecture
Intulse’s security architecture is designed to protect the confidentiality, integrity and availability of all client information that we host. We apply stringent, risk-adjusted security controls in layers ranging from facilities (physical security) to network infrastructure (network security), IT systems (system/host security) and information and applications (application security). Intulse has the following security controls:
Secure Data Centers
Intulse leverages Equinix as our datacenter provider of the future. Equinix carries several certifications such as HIPAA, ISO 27001, NIST 800-53/FI, PCI DSS, SOC 1 Type II, and SOC 2 Type II.
Encryption
Intulse offers strong encryption options for clients to use, which secures the Data in Transit (DIT) from the client side, to our core services.
Cloud Infrastructure
Intulse’s infrastructure is designed in accordance with best practices guidelines.
Security Monitoring
Our networks and systems are continuously monitored for security issues. Security events are correlated for evaluation by our security team, using a Security Information and Event Management System (SIEM) tools.
Application Programming Interfaces (API)
Secure API’s are available for customers, which can be used to export security data to a Security Information and Event Management (SIEM) solution. More information can be found at https://dashboard.intulse.com/docs.
Hardened Operating Systems
All operating systems are configured to only use the minimal number of required services.
Separated Services
All services are isolated and not shared, minimizing the risk of unintended data disclosure.
Strict Access Controls
Intulse enforces strict access control on all its systems. We perform regular internal audits and use automated tools to verify desired configurations.
Strict ingress and egress points
Access to the application is restricted to encrypted ports (e.g. 443). Intulse administration is limited to a small group of Intulse workers using a secure VPN to access client environments. All activity is logged.
Security Architecture
The Intulse production network is completely segregated from the Intulse corporate network. Only essential personnel have access to Intulse’s production network.
Data Security
All of our security controls and risk analysis are based around the premise of protecting client data. Intulse hosting supports various encryption methods to protect data transiting over untrusted networks. Customers can choose to implement SSL or VPN technology to add a layer of protection to their hosted site. Encryption has also been implemented for both transit and storage of offsite backups in the remote data center facilities.
Restricted access to customer data
Intulse’s access to customer data is highly restricted, and access requests by our support personnel follows a highly controlled and documented process. Before access is granted, employees must complete special security training to handle customer data.
Incident and Response
Intulse has an incident response process designed to handle client data incidents.
Logging and Audit
All activity is logged in a protected system and is audited using automated tools.
Training
All Intulse employees are required to participate in security training.
Software Engineering Security Process
Security is continuously improved and tested throughout the Intulse product lifecycle. All new feature designs are audited for high-level security considerations, and feature implementations are checked for security flaws throughout development. Existing features are audited for security vulnerability regressions, and application-wide audits are performed to ensure that feature integration is secure. Third-party components used by Intulse are researched and monitored carefully for vulnerabilities. Application security testing is accomplished using both manual and automated methodologies.
Certified Security Personnel
Intulse’s Security team includes Information Security professionals with expertise in application, network and architecture security who help define our security policies and security controls. The Intulse security team is composed of professionals with graduate-level degrees and 15+ years industry experience.
Best Practices
Intulse maintains secure programming best practice documents based on OWASP requirements. Best-practice documents are updated on a regular basis to reflect current vulnerability knowledge, and also provide developers with real-world examples of previous programming mistakes and how to avoid them. Topics covered include input/output data sanitation, proper usage of authentication and authorization, avoiding information disclosure and secure file system (and other resource) usage.
Intulse engages trusted testers to perform a security review of its product, based on OWASP standard methodologies. Such tests include:
- Application discovery and reconnaissance
- Identification of weak point
- Penetration testing using tools and techniques that mimic malicious attackers
- Reporting of vulnerabilities
- Patch verification
Applications Security Process
Security Assessment Policy
Intulse’s release readiness workflow includes continuous security tests and assessments. Manual and automated security tests are conducted at critical milestones, prior to public release. Security vulnerabilities discovered during these tests are then reviewed for criticality, and assigned to Engineering for resolution. Based on criticality, the issue may be resolved prior to release, or addressed in a future update.
Product Security Features
The Intulse platform has built-in features for configuring security at a level appropriate to your organization. Our Client Services team is available to perform customizations on your instance, if the out-of-the-box options don’t meet your security requirements.
Tools
Intulse utilizes best-in-class security tools to monitor our environment, such as:
- Intrusion Detection Systems (IDS) monitoring
- Distributed Denial of Service (DDoS) detection and mitigation
- Security Information and Event Management (SIEM) logging and analysis
- Web Application Firewall (WAF)
- Application security scanning, using multiple products
Availability
Intulse strives to maintain excellent uptime for our clients.
Intulse considers our solution available if we can complete the following tasks:
- Access the login page of the Intulse App and confirm correct rendering of the page,
- Log into the solution using the Private Intulse Account (i.e., no SSO login) and confirm correct rendering of the home page,
- Successfully register a phone to a client extension,
- Make an outbound call and verify two-way audio (and video if applicable),
- Answer an incoming call and verify two-way audio (and video if applicable)
Privacy
Our commitment to privacy is second to none in the industry. When it comes to protecting the data that our clients and partners entrust to us, we make no compromises. Client data in never seen by Intulse personnel unless given permission and is never shared with anyone.
Revised 01/01/2020